Computer Security Incident Response Teams

When computer security incidents occur, organizations must respond quickly and effectively. The SEI supports the international community of computer security incident response teams (CSIRTs) that protect and defend against cyberattacks.

Helping Organizations Protect Themselves

We help government and industry organizations develop, operationalize, and improve their incident management capabilities so they can protect themselves from attack and limit the damage and scope of attacks.

Evaluating Incident Management Capabilities

We offer two methods that organizations can use to evaluate and improve their capability to manage computer security incidents:

Supporting CSIRTs

We support CSIRTs with resources for planning, developing capabilities and skills, networking, and staying up to date. Your participation and feedback make these resources useful and successful. Contact us to get more information or suggest improvements.

Case Studies

Reading our case studies about national information security teams can be an effective way for incident management teams to get started or improve their performance.

CSIRT Case Study: Colombia

Between 2000 and 2009, Colombia’s Internet penetration grew rapidly from 3% to 45%. The government soon realized that something had to be done about computer security, and after a thorough investigation of different possibilities, colCERT was formed.

Use of the CERT Mark and Graphic

CSIRTs that share our commitment to improving the security of networks connected to the Internet may apply for authorization to use the CERT mark in their names and use a special graphic on their website. In this way, they can indicate that their CSIRT is part of a network of teams that provide similar services. See Authorized Users of the CERT Mark.

SEI Publications

Our extensive collection of resources covers an array of CSIRT topics, including how to create and operate a CSIRT.

Resources for Creating a CSIRT

January 18, 2017 Collection

These resources help you to get started when creating a new CSIRT.

Resources for Collecting Evidence and Forensics

January 18, 2017 Collection

This collection of resources provides information about basic forensic data collection and forensic methodology.

Security and Ontology Collection

January 12, 2017 Collection

This research explores controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity.

Incident Management Resources

September 30, 2014 Collection

These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.

Competency Development and Workforce Readiness

August 27, 2014 Collection

The following publications relate to competency development and workforce readiness:

Building an International Network of CSIRTs

Working together is the most effective way to challenge cyberattacks. We foster relationships among over 50 National CSIRTs worldwide by providing mechanisms for cooperation and collaboration.

Networking and a Community of Practice

A CSIRT with National Responsibility (or "National CSIRT") is a CSIRT that has been designated by a country or economy to have specific responsibilities in cyber protection for the country or economy. A National CSIRT can be inside or outside of government, but it must be specifically recognized by the government as having responsibility in the country or economy. View a complete list of National CSIRTs.

The National CSIRT Collaboration Wiki helps you cooperate and collaborate with your fellow National CSIRTs to solve common problems, exchange information about technical projects, and discuss other relevant work.

Annual NatCSIRT Meeting

Since 2006, the CERT Coordination Center has been hosting an annual meeting for National CSIRTs (“NatCSIRTs”) immediately following the FIRST Conference. This meeting provides an opportunity for organizations responsible for protecting the security of nations, economies, and critical infrastructures to meet and discuss the unique challenges of their roles.

Beneficial to both new and established National CSIRTs, the meeting provides a forum for networking and collaboration. Discussions are participant-driven and often focus on current issues, tools, and methods relevant to the National CSIRT community. We also allocate some sessions for CSIRT representatives to give presentations about their collaborative work or research. If your team is involved in a collaborative or unique project that would be of interest to other National CSIRTs, we encourage you to consider presenting.

International Community Resources

Our colleagues in the international community offer many valuable resources—including those linked below—on topics such as incident response and CSIRTs.

IEEE Computer Society

In Identifying a Shared Mental Model Among Incident Responders, the authors explore how effective communication might be improved by developing a mental model internalized by the group’s technical staff prior to an incident.

Symantec Connect/SecurityFocus

These submitted articles cover topics of interest to the security community.