search menu icon-carat-right cmu-wordmark

Computer Security Incident Response Teams

When computer security incidents occur, organizations must respond quickly and effectively. The SEI supports the international community of computer security incident response teams (CSIRTs) that protect and defend against cyber attacks.

Helping Organizations Protect Themselves

We help government and industry organizations develop, operationalize, and improve their incident management capabilities so they can protect themselves from attack and limit the damage and scope of attacks.

Evaluating Incident Management > Helping Organizations Protect Themselves > CSIRT

Evaluating Incident Management Capabilities

We offer two methods that organizations can use to evaluate and improve their capability to manage computer security incidents:

Supporting CSIRTs

We support CSIRTS with resources for planning, developing capabilities and skills, networking, and staying up to date. Your participation and feedback make these resources useful and successful. Contact us to get more information or suggest improvements.

Case Studies

Reading our case studies about national information security teams can be an effective way for incident management teams to get started or improve their performance.

CSIRT Case Study: Columbia


Between 2000 and 2009, Colombia’s Internet penetration grew rapidly from 3% to 45%. The government soon realized that something had to be done about computer security, and after a thorough investigation of different possibilities, colCERT was formed.


Corona Virus Updates

The Software Engineering Institute is evaluating all upcoming courses, conferences, and events on a case-by-case basis in light of COVID-19 developments.

Please check individual event pages for the latest information.

Get the most up-to-date information on Carnegie Mellon's response on the CMU coronavirus website.

Carnegie Mellon's response to coronavirus

SEI Publications

Our extensive collection of resources covers an array of CSIRT topics, including how to create and operate a CSIRT.

Resources for Creating a CSIRT

Resources for Creating a CSIRT

January 18, 2017 Collection

These resources help you to get started when creating a new CSIRT.

Resources for Collecting Evidence and Forensics

Resources for Collecting Evidence and Forensics

January 18, 2017 Collection

This collection of resources provides information about basic forensic data collection, and forensic methodology.

Security and Ontology Resources

Security and Ontology Resources

January 12, 2017 Collection

This research explores controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity.

Incident Management Resources

Incident Management Resources

September 30, 2014 Collection

These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.

Competency Development and Workforce Readiness

Competency Development and Workforce Readiness

August 27, 2014 Collection

The following publications relate to competency development and workforce readiness.


Building an International Network of CSIRTs

Working together is the most effective way to challenge cyber attacks. We foster relationships among over 50 National CSIRTs worldwide by providing mechanisms for cooperation and collaboration.

Networking and a Community of Practice

A CSIRT with National Responsibility (or "National CSIRT") is a CSIRT that has been designated by a country or economy to have specific responsibilities in cyber protection for the country or economy. A National CSIRT can be inside or outside of government, but it must be specifically recognized by the government as having responsibility in the country or economy.

View a complete list of National CSIRTs

Annual NatCSIRT Meeting

Since 2006, the CERT Coordination Center has been hosting an annual meeting for National CSIRTs (“NatCSIRTs”) immediately following the FIRST Conference. This meeting provides an opportunity for organizations responsible for protecting the security of nations, economies, and critical infrastructures to meet and discuss the unique challenges of their roles.

Beneficial to both new and established National CSIRTs, the meeting provides a forum for networking and collaboration. Discussions are participantdriven and often focus on current issues, tools, and methods relevant to the National CSIRT community. We also allocate some sessions for CSIRTs representatives to give presentations about their collaborative work or research. If your team is involved in a collaborative or unique project that would be of interest to other National CSIRTs, we encourage you to consider presenting.

International Community Resources

Our colleagues in the international community offer many valuable resources—including those linked below—on topics such as incident response and CSIRTS.

The FIRST Site Visit Requirements and Assessment contains a list of requirements that can be used in building or benchmarking a team. The FIRST Services Framework provides information on the capabilities and services a team can provide to its constituents.

ENISA logo


The European Union Agency for Network and Information Security (ENISA) improves network and information security in the European Union (EU). ENISA helps the European Commission and EU member states meet the requirements of network and information security, including present and future EU legislation.