Definitions
A Computer Security Incident Response Team (CSIRT) (also called a Computer Incident Response Team (CIRT), or a Computer Incident Response Center or Computer Incident Response Capability (CIRC)) is
- "[a] capability set up for the purpose of assisting in responding to computer security-related incidents."[1]
- "[a]n organization 'that coordinates and supports the response to security incidents that involve sites within a defined constituency.'"[2]
Overview
The job of a Computer Security Incident Response Team (CSIRT) is to detect that an attack occurred, prevent ongoing damage, repair the damage to the extent possible, reconstitute the affected system functions, and report as appropriate to the United States Computer Emergency Readiness Team (US-CERT) and to other affected parties according to governing regulation and law.
"To be considered a CSIRT, an organization must do as follows:
- Provide a (secure) channel for receiving reports about suspected security incidents.
- Provide assistance to members of its constituency in handling the incidents.
- Disseminate incident-related information to its constituency and other involved parties."[3]
References
- [1] NIST Special Publication 800-61 (rev. 1), Glossary, at D-1; NIST Special Publication 800-150, at 59.
- [2] Internet Security Glossary, at 43.
- [3] Id.
Source
- "Overview" section: Computer Security Incident Coordination (CSIC): Providing Timely Cyber Incident Response, at 78 Fed. Reg. 38950.