CSIRT (Computer Security Incident Response Team)
Definition
A dedicated team responsible for coordinating the response to confirmed security incidents. The CSIRT manages containment, forensic investigation, communication to stakeholders, and recovery. It may be internal to an organisation or contracted externally. National CSIRTs (such as CERT-In in India or CISA in the US) also provide coordination across sectors.
Related terms
- Escalation Path
- The predefined chain of notification and decision-making authority that an incident follows as its severity increases. Documented in the IR plan before...
- Indicator of Compromise (IoC)
- An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
- SOC (Security Operations Centre)
- A function providing continuous monitoring, alert triage, and early detection of security events. The SOC is the first tier of response: it...
- Tactics, Techniques, and Procedures (TTPs)
- A three-level description of adversary behaviour. Tactics are the high-level goals (initial access, persistence, exfiltration). Techniques are the specific methods (spear-phishing, pass-the-hash)....
- Threat actor
- An individual or group responsible for a security incident or malicious campaign. Threat actors are categorised by motivation (financial, espionage, hacktivism, destruction)...
Explained in
- Key Terms and Stakeholders in Incident Response: A dedicated team responsible for coordinating the response to confirmed security incidents. The CSIRT manages containment, forensic investigation, communicatio...