
Computer Security Incident Response Team (CSIRT)

Contributor(s): Stan Gibilisco

A Computer Security Incident Response Team (CSIRT, pronounced "see-sirt") is an organization that receives reports of security breaches, conducts analyses of the reports and responds to the senders. A CSIRT may be an established group or an ad hoc assembly.

There are various types of CSIRT. An internal CSIRT is assembled as part of a parent organization, such as a government, a corporation, a university or a research network. National CSIRTs, for example, are one type of internal CSIRT whose constituency is an entire country, and they oversee incident handling for that country. Typically, internal CSIRTs gather periodically throughout the year for proactive tasks such as disaster recovery (DR) testing, and on an as-needed basis in the event of a security breach. External CSIRTs provide paid services on either an ongoing or an as-needed basis.

CERT/CC (the CERT Coordination Center at Carnegie Mellon University's Software Engineering Institute) lists the following roles for CSIRT staff:

  • Manager or team lead.
  • Assistant managers, supervisors, or group leaders.
  • Hotline, help desk, or triage staff.
  • Incident handlers.
  • Vulnerability handlers.
  • Artifact analysis staff.
  • Platform specialists.
  • Trainers.
  • Technology watch.

The specific services provided vary from one CSIRT to another. A computer security incident is a real or suspected breach of security, including the deliberate creation or exploitation of a vulnerability. Typical incidents include the introduction of viruses or worms into a network, denial-of-service (DoS) attacks, unauthorized alteration of software or hardware, and theft of the identity of an individual or an institution. Unauthorized hacking is generally treated as a security incident; the exception is authorized testing, where the testers have been deliberately hired, under an agreed scope, to probe a computer or network for vulnerabilities. (Such testers can work alongside or within the CSIRT in a preventive role.) Besides responding to incidents, CSIRTs may provide proactive services such as end-user security training.

Response time is a critical consideration in assembling, maintaining and deploying an effective CSIRT. A rapid, accurately targeted and effective response can minimize the overall damage to finances, hardware, software and data caused by a specific incident. Another important consideration is the CSIRT's ability to collect and preserve evidence so that the perpetrators of an incident can be identified, their access shut down and, where appropriate, the guilty parties prosecuted. A third consideration is hardening of the software and infrastructure to reduce the number of incidents that take place over time.

Alternate terms for CSIRT include CIRC (Computer Incident Response Capability), CIRT (Computer Incident Response Team), IRC (Incident Response Center or Incident Response Capability), IRT (Incident Response Team), SERT (Security Emergency Response Team) and SIRT (Security Incident Response Team). Internal CSIRTs often use one of the terms along with an identifier. The national CSIRT in the United States, for example, is US-CERT.

This was last updated in August 2012


1 comment


I believe it would be useful to reference the "FIRST" organization related to this topic -- they have a lot of relevant collateral and deserve support. Thanks for sharing.