search menu icon-carat-right cmu-wordmark

Cybersecurity Center Development

Created November 2017

A cybersecurity center is a team of experts who mitigate threats by monitoring, detecting, and responding to incidents. These centers may take the form of computer security incident response teams (CSIRTs), security operations centers (SOCs), product security incident response teams (PSIRTs), National CSIRTs, or other similar incident management teams. Our experts in the CERT Division prepare these teams to effectively assess and manage cybersecurity incidents.

How Can You Protect Your Organization from Ever-Changing Cyber Attacks?

Even the best information security infrastructure can’t guarantee that intrusions or other malicious acts won’t happen. The latest industry trends and reports highlight increases in the volume and sophistication of cyber attacks that result in extortion, fraud, and data breaches.

Preparing for intrusions before they occur is the best defense. However, because threats continue to evolve, the tools and approaches you’ve relied on in the past aren’t sufficient to address today’s sophisticated and potentially crippling attacks.

These cyber attack trends, which exist at the organizational and national levels, require a multilayered approach to monitoring and protecting critical assets and infrastructures. Your organization is challenged to deal with cybersecurity incidents and limit the damage they cause.

Working Together Works

Working together is the most effective way to challenge cyber attacks. We foster relationships among more than 100 National CSIRTs worldwide by providing mechanisms for cooperation and collaboration among them, and we host an Annual Technical Meeting for CSIRTs with National Responsibility to discuss current issues, tools, and methods.

Deploy a Multilayered Approach to Cybersecurity

Organizations that have an established cyber incident response process have a higher level of operational resilience than other organizations. This process enables them to respond in evolving environments and avoid using ad-hoc measures to solve problems.

We support the development, coordination, assessment, and education of cybersecurity centers. Our training courses help the staff in these centers learn and implement best practices for building cybersecurity teams and managing cyber incidents. Our open source tools help the staff in these centers monitor the security of their networks, whether small or large. Our experts provide general and customer-specific cybersecurity algorithms, analytics, and tradecraft to all types of organizations.

We can evaluate cybersecurity centers to improve their effectiveness. Assessments can include capability gap analysis or focused architectural reviews. Both assessments result in targeted recommendations. We offer training and analytic development that we can customize to your cybersecurity center’s needs. You can also become a certified computer security incident handler.

Learn More

Incident Management Capability Assessment

Incident Management Capability Assessment

December 19, 2018 Technical Report
Audrey J. DorofeeRobin RuefleMark Zajicek

Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.

Resources for Creating a CSIRT

Resources for Creating a CSIRT

January 18, 2017 Collection

These resources help you to get started when creating a new CSIRT.

Authorized Users of CERT

Authorized Users of CERT

September 29, 2014 Brochure

This 2014 brochure describes the benefits of and process for becoming authorized to include CERT in your CSIRT's name.