CSIRT
Definition
Computer Security Incident Response Team. The organisational unit responsible for preparing for, detecting, coordinating, and resolving security incidents. Sometimes called CERT (Computer Emergency Response Team) or CIRT (Computer Incident Response Team) depending on the organisation.
Related terms
- FIRST
- Forum of Incident Response and Security Teams. A global membership organisation that sets standards for CSIRT capability and facilitates trusted information sharing...
- Legal liaison
- The CSIRT role responsible for advising on legal obligations during an incident: evidence preservation requirements, breach notification deadlines, law enforcement engagement, and...
- National CERT
- A government-operated or government-designated team responsible for coordinating cyber incident information at the national level. Examples include CERT-In (India), CISA (US), NCSC...
- Retainer agreement
- A contract between an organisation and an external IR firm that guarantees a defined response time and service scope in exchange for...
- Team lead
- The person who owns the incident response process during an active incident. The team lead coordinates analyst tasks, manages escalation to leadership,...
Explained in
- Building a Computer Security Incident Response TeamComputer Security Incident Response Team. The organisational unit responsible for preparing for, detecting, coordinating, and resolving security incidents. Som...