CSIRT

A CSIRT, or Computer Security Incident Response Team, is a group designated to receive, review, and respond to computer security incidents. CSIRTs can be national, regional, sectoral, corporate, or organizational. They coordinate response activities, provide guidance, and share information about threats and incidents.

Core responsibilities include incident detection and triage, containment and eradication, recovery and business continuity, and post-incident analysis. They typically operate incident response processes following established frameworks such as ISO/IEC 27035, NIST SP 800-61, and other national guidelines. They may provide 24/7 incident handling hotlines, advisories, and technical assistance to customers, partners, and the public.

Functions also include threat intelligence sharing, vulnerability coordination, coordination with law enforcement when appropriate, and public reporting. CSIRTs often collaborate through information sharing communities and international CERT networks to disseminate indicators of compromise, advisories, and best practices. Types of CSIRTs include national CSIRTs that serve a country; government CSIRTs; sectoral or industry CSIRTs; corporate CSIRTs within organizations; academic or research CSIRTs; regional CSIRTs; and ISACs. A CSIRT's structure may include incident handlers, analysts, threat researchers, and liaisons to IT operations, management, and external partners.

The term originated from the CERT/CC at Carnegie Mellon University, and many CSIRTs use the term CERT in their name or branding. In practice, CSIRTs aim to reduce incident impact, improve resilience, and promote safer use of networks and information systems through proactive risk management and clear communication.