Question 1

What is EG-FinCIRT?

Accepted Answer

Egypt Financial Computing Incident Response Team (EG-FinCIRT) is the first sectorial computer incident response team (CIRT) in the country.

The Central Bank of Egypt established EG-FinCIRT as part of its regulatory and strategic roles to coordinate the stability of financial services provision in the country. This is especially important in light of the sector’s rapid expansion due to the focus on modernizing the financial ecosystem, inclusion, and digital banking, as well as to improve cybersecurity resilience and reduce risks and threats.

EG-FinCIRT is designed as an agile, competent, and task-fit organization with a broader range of capabilities that enable performing 24/7 security monitoring for constituents, cooperation and sharing of relevant, actionable cyber threat information, warnings, and effective security policies and practices for the benefit of all within the Egyptian Financial sector. Additionally, EG-FinCIRT offers its constituents a number of important cybersecurity services, including Penetration Testing, Incident Response, Digital Forensics and Artifact Analysis.

Question 2

What does EG-FinCIRT do?

Accepted Answer

Security monitoring to detect any malicious/suspicious activities and ensure that every detected incident is handled.
Incident handling and providing support for any constituent under attack.
Threat hunting and gathering threat intelligence data to improve the accuracy of security incident detection. (processing of intelligence and disseminated to banks)
Providing professional digital forensic services, in case of cyber incidents, including reverse engineering and artifact analysis.
Provide penetration testing, code review, information security and vulnerability assessment for constituents.
Promoting cyber security awareness, expertise transfer and training programs in the financial and banking sector.

See the link below for more information on the services offered by EG-FinCIRT: https://www.egfincirt.org.eg/services/.

Question 3

How to report incidents to EG-FinCIRT?

Accepted Answer

Incidents can be reported through different channels

EG-FinCIRT Website can be used for incident reporting, simply click “REPORT INCIDENT” Button in the Website Header and enter the Incident information. Your data will be transmitted securely to EG-FinCIRT servers.
You can contact EG-FinCIRT via e-mail at egfincirt@cbe.org.eg or cirt@egfincirt.org.eg. To encrypt sensitive information, we may use our PGP key, which is available at https://www.egfincirt.org.eg/contacts/

Question 4

What kind of information should I provide to the EG-FinCIRT staff when an incident occurs at my site?

Accepted Answer

Any relevant information about the incident should be provided. As an example of the type of data that should be provided, consider the Report an Incident form https://www.egfincirt.org.eg/report-incident/

Question 5

What happens after reporting the incident?

Accepted Answer

After reporting the incident, The Concerned Team in EG-FinCIRT will contact the reporting party for incident handling or any clarification required.

Question 6

What can be reported to EG-FinCIRT?

Accepted Answer

EG-FinCIRT Constituents can report cyber security Incidents that include exploitable security vulnerabilities, phishing, denial of service, malicious code (malware, viruses, ransomware, etc.), website defacement, compromised email accounts, any Bank’s related sites hacked or defaced, attacks on systems or any other cyber security related incidents

Moreover, any cyber Security incidents that is related to the Egyptian Financial sector should be reported to EG-FinCIRT.

Question 7

What should not be reported to EG-FinCIRT?

Accepted Answer

Any non-cyber security incidents not related to the Egyptian financial sector.

Question 8

Why should I report an incident?

Accepted Answer

To Adhere to Central Bank Of Egypt Mandates.
To receive technical assistance in handling the incident, and mitigating any damage that may result from the reported incident.
To decrease the probability of such attacks and incidents recurring in the future as much as possible.
To assist EG-FinCIRT in raising cyber security resilience among the financial and banking sector, as well as to assist other constituents in avoiding such a reported incident.
To assist EG-FinCIRT in disseminating more accurate statistics on cybercrime in the financial and banking sector.
To assist CBE Cyber Security Sector in developing better security guidelines and controls for the Financial sector in Egypt.

Question 9

What should you do if you are a victim of a security incident?

Accepted Answer

Contact EG-FinCIRT immediately.
Follow EG-FinCIRT Recommendations that may include but not limited to:
1. Identify the source machine(s) that are affected by the security incident
2. Isolate the discovered machine(s).
3. Keep all infected devices (if any) running without shutting them down or modification till further notification from EG-FinCIRT.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

FAQ

Member of