
Cybersecurity Center Development

Created August 2019

A cybersecurity center is a team of experts who mitigate threats by monitoring, detecting, and responding to incidents. These centers may take the form of computer security incident response teams (CSIRTs), security operations centers (SOCs), product security incident response teams (PSIRTs), National CSIRTs, or other similar incident management teams. Our experts in the CERT Division prepare these teams to effectively assess and manage cybersecurity incidents.

Tools, Methods, and Services

Organizations that have an established cyber incident response process have a higher level of operational resilience than other organizations. This process enables them to respond in evolving environments and avoid using ad-hoc measures to solve problems.

We support the development, coordination, assessment, and education of cybersecurity centers. Our training courses help the staff in these centers learn and implement best practices for building cybersecurity teams and managing cyber incidents. Our open source tools help the staff in these centers monitor the security of their networks, whether small or large. Our experts provide general and customer-specific cybersecurity algorithms, analytics, and tradecraft to all types of organizations.

We can evaluate cybersecurity centers to improve their effectiveness. Assessments can include capability gap analysis or focused architectural reviews. Both assessments result in targeted recommendations. We offer training and analytic development that we can customize to your cybersecurity center’s needs. You can also become a certified computer security incident handler.

Use of the CERT Mark and Graphic

CSIRTs that share our commitment to improving the security of networks connected to the Internet may apply for authorization to use the CERT mark in their names and use a special graphic on their website. In this way, they can indicate that their CSIRT is part of a network of teams that provide similar services. See Authorized Users of the CERT Mark.


Helping Organizations Protect Themselves

Working together is the most effective way to challenge cyber attacks. We foster relationships among more than 100 National CSIRTs worldwide by providing mechanisms for cooperation and collaboration among them, and we host an Annual Technical Meeting for CSIRTs with National Responsibility to discuss current issues, tools, and methods.

Beneficial to both new and established National CSIRTs, the meeting provides a forum for networking and collaboration. Discussions are participant-driven and often focus on current issues, tools, and methods relevant to the National CSIRT community. We also allocate some sessions for CSIRT representatives to give presentations about their collaborative work or research. If your team is involved in a collaborative or unique project that would be of interest to other National CSIRTs, we encourage you to consider presenting.

International Community Resources

Our colleagues in the international community offer many valuable resources, including those linked below, on topics such as incident response and CSIRTs.

FIRST.org - The FIRST Site Visit Requirements and Assessment contains a list of requirements that can be used in building or benchmarking a team. The FIRST Services Framework provides information on the capabilities and services a team can provide to its constituents.

GÉANT (formerly TERENA) - GÉANT provides general CERT and system security information, offers resources to help establish new and operate existing IRTs/CERTs, and supplies information about tools and software for intrusion detection and system security.

AusCERT - Periodically, AusCERT opens its doors to students who seek to augment their education with experience in a functioning CSIRT.

ENISA - The European Union Agency for Network and Information Security (ENISA) improves network and information security in the European Union (EU). ENISA helps the European Commission and EU member states meet the requirements of network and information security, including present and future EU legislation.

ITU - The International Telecommunication Union (ITU) conducts global partner events, publishes the Global Cybersecurity Index, helps National CSIRTs build their capacity, and provides resources on strategy and legislation.

NCSC - The National Cyber Security Centre (NCSC) Netherlands offers insight into cybersecurity threats, interests, and resilience. As part of its work, the NCSC publishes a CSIRT Maturity Kit to help CSIRTs increase their maturity level quickly and effectively.

Incident Management Capability Assessment


December 19, 2018 Technical Report
Audrey J. Dorofee, Robin Ruefle, Mark Zajicek

Managing incidents that threaten an organization's computer security is complex. The capabilities presented here provide a benchmark of incident management practices.

Resources for Creating a CSIRT

January 18, 2017 Collection

These resources help you to get started when creating a new CSIRT.

Resources for Collecting Evidence and Forensics

January 18, 2017 Collection

This collection of resources provides information about basic forensic data collection and forensic methodology.

Security and Ontology Resources

January 12, 2017 Collection

This research explores controlled vocabularies, taxonomies, and ontologies to make progress toward a science of cybersecurity.

Incident Management Resources

September 30, 2014 Collection

These resources cover many aspects of incident management in CSIRTs, NatCSIRTs, and beyond.

Authorized Users of CERT

September 29, 2014 Brochure

This 2014 brochure describes the benefits of and process for becoming authorized to include CERT in your CSIRT's name.

Competency Development and Workforce Readiness

August 27, 2014 Collection

The following publications relate to competency development and workforce readiness.


Related Courses

CERT Certificate in Digital Forensics

ONLINE

In today's networked world, it is essential for system and network administrators to understand the fundamental areas and the major issues in computer forensics. Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic...


Advanced Topics in Incident Handling

4-Day Course

This four-day course, designed for computer security incident response team (CSIRT) and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks. Building on the methods and tools...


Creating a Computer Security Incident Response Team

1-Day Course

This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can...


Managing Computer Security Incident Response Teams

3-Day Course

This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with...


Overview of Creating and Managing CSIRTs

1-Day Course

This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). The course will explore the relationship between...
