PGE-CERT has been brought to life by PGE Systemy in order to react to and mitigate information security incidents.
Main PGE-CERT tasks are:
Traffic Light Protocol
Just like other security teams, PGE-CERT uses Traffic Light Protocol (TLP). The protocol was created in order to facilitate greater sharing of information. TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. It employs four colors to indicate expected sharing boundaries to be applied by the recipient(s).
What is TLP?
Traffic Light Protocol is a set of rules grouped in 4 categories. It is used in order to define the recipients of a message in a better way. In order to make it as simple as possible TLP is using four colors (RED, AMBER, GREEN, WHITE) to categories the information being shared. Choosing the right category is a responsibility of the organization who is sharing the information. If a recipient needs to share the information more widely than indicated by the original TLP designation, they must obtain explicit permission from the original source.
|TLP:RED||Not for disclosure, restricted to participants only|
|TLP:AMBER||Limited disclosure, restricted to participants’ organizations|
|TLP:GREEN||Limited disclosure, restricted to the community|
|TLP:WHITE||Disclosure is not limited|
Information about the used TLP should be put in the header or the footer of the message. Preferably the ‘TLP: [COLOR]’ syntax should be used. The Traffic Light Protocol has no use for information that is classified or should be kept secret.
Please use TLP when contacting PGE-CERT. The information should be clearly labeled with the chosen color in the subject of the email and before the information itself.
The chosen color of TLP should be written with capital letters: TLP: RED, TLP: AMBER, TLP: GREEN lub TLP: WHITE
PGE-CERT contact information
In emergency cases please contact the PGE-CERT team through email: email@example.com
PGE Systemy S.A.PGE-CERT, ul. Mysia 2, 00-496 Warsaw
Emergency number: +48 885 552 646; e-mail: firstname.lastname@example.org.
Please submit the following information:
In order to keep our correspondence private please use the PGP/GPG system when contacting PGE-CERT.