TS-CERT RFC 2350
1 Document Information
This document describes TS-CERT in accordance with RFC 2350.
1.1 Date of Last Update
Version 1.1, published on 05. October 2020.
1.2 Distribution List for Notifications
Changes to this document are not distributed by a mailing list.
1.3 Locations where this Document May Be Found
The document is located at the following address:
The latest version is available also upon request to
email@example.com via electronic mail.
2 Contact Information
2.1 Name of the Team
TS-CERT: Telekom Slovenije Computer Emergency Response Team (English name)
TS-CERT: Telekom Slovenije odzivni center za kibernetsko varnost (Slovenian name)
Telekom Slovenije, Stegne 19
2.3 Time Zone
- CET, Central European Time
(UTC+1, between last Sunday in October and last Sunday in March)
- CEST (also CET DST), Central European Summer Time (UTC+2, between last Sunday in March and last Sunday in October)
2.4 Telephone Number
+386 1 234 16 80
2.5 Other Telecommunication
2.6 Electronic Mail Address
TS-CERT uses different e-mail addresses for different purposes:
2.7 Public Keys and Encryption Information
TS-CERT uses PGP for digital signatures and to receive encrypted information. The key is available on PGP/GPG keyservers and at
https://www.telekom.si/Documents/TS-CERT_public_key.asc. Information about the key:
pub 4096R/A800C0A8 2019-09-04
Fingerprint=0824 860C 3388 7CDC A0D8 51F5 878E 0AA5 A800 C0A8
2.8 Team Members
Rok Peršak is the Team Manager of TS-CERT. A full list of other members of TS-CERT is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.
2.9 Other Information
General information about TS-CERT is available at
2.10 Points of Customer Contact
The preferred method of contacting TS-CERT is via e-mail at the following addresses:
Office hours for TS-CERT are 24/7/365. TS-CERT staff is available via e-mail.
3.1 Mission Statement
Primary goal is to ensure confidentiality, integrity and availability of data and assets owned by Telekom Slovenije d. d. and it's customers, by providing services that effectively identify, monitor, respond to and mitigate security incidents.
Cybersecurity incidents refer to errors or activities that are not part of a standard information technology service operation and pose a risk of compromise or loss of information. Discovering, monitoring and reacting to incidents as promptly as possible can minimaze overall damage and reduce the cost of incident handling.
TS-CERT is established by Telekom Slovenije, Slovenian telecomunication and service provider company. It serves as CERT for subscribers to Telekom Slovenije communication and ICT services including security operations center service. TS-CERT respond to general public queries with advice and direct them to SI-CERT or other entity.
3.3 Sponsorship and/or Affiliation
TS-CERT is sponsored and operated by Telekom Slovenije.
TS-CERT corresponds to SOC and CSIRT of Telekom Slovenije. It's role is not bind to any specific regulation although TS-CERT provides SOC services to organizations liable under the Information Security Act. Telekom Slovenije is regulated under ZEKOM-1 act and TS-CERT reports relevant incidents to AKOS (Slovenian Telecommunication Regulator). TS-CERT cooperates actively with SI-CERT (national CSIRT of Slovenia) and law-enforcement bodies.
4.1 Types of Incidents and Level of Support
TS-CERT handles and responds to cybersecurity incidents for Telekom Slovenije, it's subscriers and customers with eligible contracts. Telekom Slovenije offer the same services for non-costumers against mutual agreement.
4.2 Co-operation, Interaction and Disclosure of Information
TS-CERT treats all information included in the correspondence with any party as confidential. Specific case information is disclosed only to parties involved in the investigation of the offense or incident. Personal identifiable information that is not crucial to the investigation by the party involved will be removed or anonymised. TS-CERT discloses specific information about certain case to other entities only in accordance with applicable Slovenian law. TS-CERT may include generalised and anonymised information for a case study.
4.3 Communication and Authentication
The preferred method of communication is via e-mail. When the content is deemed sensitive enough or requires authentication, TS-CERT PGP key is used for signing e-mail messages. All sensitive communication to TS-CERT should be encrypted by the team’s PGP key. Alternative methods can be agreed on case by case.
5.1 Incident Response
TS-CERT provides security operations and incidents response to Telekom Slovenije and SOC and CSIRT customers.
- Analysis and triage of security events at tier-1
- Case management, assignement to other participants
- Escalation to tier-2
- Declaration of incident
5.1.2. Incident coordination and resolution
- Incident investigation, remote or onsite
- Containment of harmful effects
- Remediation and recovery procedures
- Communication activities
5.2 Proactive Activities
Security assessment and check
Telekom Slovenije provides informatin security assessment service according to ISO 2700 and system security checks.
Telekom Slovenije provides DDoS mitigation service to the customers.
Security system engineering
Telekom Slovenije provides system integration and managed network and security services.
Telekom Slovenije offers training and workshops on network and information security topics.
6 Incident Reporting Forms
Telekom Slovenije SOC customers has different ways of reporting incidents to TS-CERT according to contract. Reports may be sent to the e-mail address firstname.lastname@example.org. Internally, Telekom Slovenije has additional options to report an incident.
While every precaution will be taken in the preparation of information, notifications and alerts, TS-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.