CSIRT definition
CSIRT is a team of IT professionals responsible for detecting, controlling, and eliminating cyber incidents within an organization. Organizations can form their own CSIRT using internal resources or hire expert teams from the outside to handle problems. In addition to responding to incidents, CSIRTs develop the organization’s security policies, train staff in best practices, and analyze past incidents to deter future attacks.
The first computer security incident response team was assembled under a US government contract at Carnegie Mellon University. It was created in response to the 1988 Morris Worm incident that paralyzed a large portion of the early internet.
Real CSIRT examples
- CERT-EU is the computer emergency response team hosted by the European Commission to assist EU institutions, bodies, and agencies.
- CyOps (Cynet) is an external response team that can be hired by organizations to help them deal with cybersecurity incidents 24/7.
