Security incident reporting to NÚKIB

ALVAO can automate reporting of security incidents to the National Cyber and Information Security Agency (NÚKIB) of the Czech Republic.

The workflow of the Report security incident to NÚKIB sample service:

When a new ticket is created in the service, it has the Approving by security manager status and needs to be approved by a security manager. If approved, it goes to the Report to NÚKIB status and the report is automatically sent by email to the cert.incident@nukib.gov.cz address. Then the ticket automatically switches to the Resolved and subsequently to the Closed status.

Requirements

• ALVAO Service Desk
• ALVAO Advanced Workflows module
• ALVAO Service Desk Enterprise API module

Installation

1. Download the sample service file in the language of your Alvao:

   • SampleServiceEnglishVersion.xml
   • SampleServiceCzechVersion.xml

2. Go to Administration - Service Desk - Services and import the sample service with the Import command.

3. Go to Administration - Service Desk - Processes, select the Security incident reporting to NÚKIB process and use the Edit - Workflow command.

4. Edit the Approving by security manager and the Report to NÚKIB statuses. In the Others section of the Edit form, fill the following fields:

   • Security incident report to NÚKIB - approval status
   • Security incident report to NÚKIB - approver (security manager)
   • Security incident report to NÚKIB - automatically send incident to NÚKIB when transfer to this status
   • Security incident report to NÚKIB - sender
   • Security incident report to NÚKIB - Identificator

   Please read the detailed description of each field.

5. Go to Administration - Applications and import the SecurityIncidentReportingToNUKIB.xml file using the Import command.

6. Enable the app with the Enable command.

Advanced configuration

Email template

You can modify the template of the emails sent to NÚKIB. Go to the Administration - Settings - Advanced page, select the AutomaticReportSecurityIncidents.NUKIB.EmailTemplate setting and use the Edit command.

The default email template:

{
    "csy": {
        "subject": "Hlášení kybernetického bezpečnostního incidentu",
        "body": "Vážený týme NÚKIB,\nv příloze této zprávy zasíláme oznámení o kybernetickém bezpečnostním incidentu ve formátu XML, v souladu s platnou legislativou.\nV případě potřeby doplnění informací nás prosím neváhejte kontaktovat.\n\nS pozdravem,\n[$SecurityManagerName$]\nSecurity Manager\n[$OrganizationName$]\n[$PhoneAndEmail$]"
    },
    "enu": {
        "subject": "Cybersecurity Incident Report",
        "body": "Dear NÚKIB team,\nPlease find attached an XML report of a cybersecurity incident, submitted in accordance with applicable legislation.\nPlease do not hesitate to contact us if you require any additional information.\n\nBest regards,\n[$SecurityManagerName$]\nSecurity Manager\n[$OrganizationName$]\n[$PhoneAndEmail$]"
    }
}

Variables:

• [$SecurityManagerName$] - name of the Security incident report to NÚKIB - approver (security manager) user
• [$OrganizationName$] - name of the organization of the Security incident report to NÚKIB - approver (security manager)
• [$PhoneAndEmail$] - phone and email of the organization of Security incident report to NÚKIB - approver (security manager). Email is sent in the preferred language of the service.

New ticket form

You can also modify the New ticket form of the reporting service. Go to Administration - Service Desk - Services, select the service and use the Edit - New ticket form command.