RFC-2350: CSIRT Description for RICHEMONT-CSIRT
-----------------------------------------------

1. About this document

1.1 Date of Last Update

This is version 1.10, 2023-01-25.

1.2 Distribution List for Notifications

Members of the constituency are informed of changes through their
closed channels.

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is available
from the RICHEMONT-CSIRT website; its URL is
https://csirt.richemont.com
Please make sure you are using the latest version.

1.4 Authenticating this Document

This document has been signed with RIC-CERT's PGP key.

2. Contact Information

2.1 Name of the Team

"RICHEMONT-CSIRT": the RICHEMONT Group Cyber Security Incident
Response Team.

2.2 Address

Richemont Group CSIRT - Group Security
Chemin de la Chênaie 50
1293 Bellevue, Geneve
Switzerland

2.3 Time Zone

Richemont CSIRT operates using a follow-the-sun methodology and is
available 24/7.

Locations:
- Switzerland (CET)
- China (CST)
- Hong Kong (HKT)
- United States of America (EST)

2.4 Telephone Number

+1 (716) 455-2367 - available 24/7.

2.5 Facsimile Number

Richemont CSIRT does not use facsimile; please choose other
communication technologies.

2.6 Other Telecommunication

Video conferencing is available on request. Members of the
constituency have access to closed, secure communication tools.

2.7 Electronic Mail Address

This address will reach our team mailbox which is monitored 24/7.

2.8 Public Keys and Other Encryption Information

RICHEMONT-CSIRT has a PGP key, whose KeyID is B7CF12A7 and whose
fingerprint is
925C 0FED 3461 42D9 E67D  2755 3C12 055C B7CF 12A7.
The key and its signatures can be found at the public keyservers as
well as on the Web site: https://csirt.richemont.com

2.9 Team Members

RICHEMONT-CSIRT is operated by dedicated staff, distributed over 4
different countries and covering the following languages: English,
French, German, Portuguese, Arabic, Italian, Cantonese, Mandarin and
Spanish.

2.10 Other Information

General public information about RICHEMONT-CSIRT is found on the Web
site: https://csirt.richemont.com

2.11 Points of Customer Contact

Normal contact is through e-mail using the address . In urgent cases
and emergencies, customers as well as other CERTs can use the phone
numbers given above. Internal customers also have automated reporting
tools available internally to the group.

3. Charter

3.1 Mission Statement

RICHEMONT-CSIRT supports members of its constituency (see below) with
reactive and proactive services in the field of Cyber Security.

3.2 Constituency

RICHEMONT-CSIRT supports Richemont Group and all its Brands (Maisons),
globally.

The following brands/entities are part of Richemont Group:
- Vacheron Constantin
- Purdey
- Baume & Mercier
- Jaeger-LeCoultre
- A. Lange & Söhne
- Cartier
- Officine Panerai
- IWC Schaffhausen
- Piaget
- Alfred Dunhill
- Van Cleef & Arpels
- Montblanc
- Serapian
- Chloé
- Azzedine Alaïa
- Roger Dubuis
- YOOX NET-A-PORTER GROUP
   - www.ynap.com
   - www.net-a-porter.com
   - www.mrporter.com
   - www.theoutnet.com
   - www.yoox.com
- Peter Millar
- Buccellati
- Delvaux
- Timevallée
- Watchfinder.co.uk
- Compagnie Financière Richemont SA
- Richemont International SA
- RLG Europe B.V. (Swiss Branch)
- Richemont Asia Pacific Limited
- Richemont Japan Limited
- Richemont Commercial Company Limited
- Richemont North America, Inc.
- Richemont (Dubai) FZE

For updated information about the Group and its brands please refer
to https://www.richemont.com/our-businesses.html

Internet domain and/or IP address information:
- AS25275
- Domain names from all Richemont Group and its subsidiaries (above)

3.3 Sponsorship and/or Affiliation

RICHEMONT-CSIRT is operated by the Richemont Group Security team.

3.4 Authority

RICHEMONT-CSIRT, part of the Richemont Group Security team, is
mandated by the Richemont Group to operate all services listed below
for its constituency (above).

4. Policies

4.1 Types of Incidents and Level of Support

Incidents are prioritised according to their severity. Incidents
directly affecting members of the constituency are treated with higher
priority.

4.2 Co-operation, Interaction and Disclosure of Information

All requests to RICHEMONT-CSIRT are treated with due care.

RICHEMONT-CSIRT adheres to the traffic light protocol (TLP). See
https://www.trusted-introducer.org/ISTLPv11.pdf for a description.
Classified messages should be tagged in the subject as [TLP Color]. A
similar stamp should be clearly visible in other documents, such as
PDF files, sent to RICHEMONT-CSIRT. If contact is by phone or video
conference, the TLP classification should be stated prior to the
delivery of the information.

It is recommended to encrypt sensitive information with the PGP key
mentioned above. Unless required by legal or regulatory authorities,
RICHEMONT-CSIRT will never release information provided by third
parties without their consent. Other encryption methods are available
upon request.

4.3 Communication and Authentication

See 4.2. To ensure authenticity of information use PGP signatures.

5. Services

5.1 Incident Response

RICHEMONT-CSIRT is responsible for providing Cyber Security Incident
Response services to its constituency, in particular:
- Incident Monitoring and Triage
- Incident Analysis and Response
- Incident Coordination
- Forensic investigations
- Artifact analysis

5.2 Vulnerability Management

RICHEMONT-CSIRT is responsible for continuously monitoring its
constituency for existing vulnerabilities, liaising with the
respective stakeholders (internal constituency, vendors and third
party suppliers) for containment and mitigation.

5.3 Technical Security Assessments

RICHEMONT-CSIRT is responsible for performing technical security
assessments (pentests) for its constituency and their projects,
applications or initiatives.

5.3 Proactive Activities

RICHEMONT-CSIRT provides the following proactive services:
- Liaison and Cooperation with relevant stakeholders (internal or
  external)
- Cyber Risk identification
- Cyber Risk Reporting
- Internal Communication and alert dissemination
- Internal Awareness support

6. Incident Reporting Forms

There are no forms available. The preferred way of reporting incidents
is by email, phone or other reporting tools available only internally
to constituency members.

7. Disclaimer

Neither RICHEMONT-CSIRT nor Richemont Group warrant that any
information, notifications and/or alerts will be error free or that
the servers that make them available are free of viruses or other
harmful components. Without limiting the foregoing, everything is
provided "AS IS" AND "AS AVAILABLE" AND, TO THE FULLEST EXTENT
PERMITTED BY APPLICABLE LAW, WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A
PARTICULAR PURPOSE, REASONABLE CARE AND SKILL, OR NON-INFRINGEMENT.
Neither RICHEMONT-CSIRT nor Richemont Group and their suppliers make
any warranties about any information, software, text, downloads,
graphics, and links made available, or about results to be obtained
from using such material.

All information in this document is © Richemont International SA
and/or its affiliates 2018. This document may not be redistributed, in
whole or in part, without the explicit, written permission of
RICHEMONT-CSIRT. Please use the URL given under 1.3 for
redistribution.