CSIRT and CERT Explained Flashcards
CSIRT and CERT Explained
With the number of cyber-attacks that happen daily, many companies and governmental bodies needed to develop a team of specialized individuals that could respond to these attacks. That is where the Cyber Emergency Response Team (CERT) or Cyber Security Incident Response Team (CSIRT) was introduced. Their core responsibilities are coordinating and responding to IT security incidents and determining how these incidents can impact the organization or government entity. CSIRTs often contain key stakeholders from different business units, such as; infrastructure, networking, legal and public relations, communications, security, and more, providing the CSIRT the ability to address all aspects of the company in an emergency.
Why are they important?
CSIRTs are important because they provide vital functions in our digital world. For most businesses, this is divided into:
Having a central communication point or command center where all incident information is handled.
Promotes Security Awareness and Training (Such as Phishing Exercises) for a company.
Act as the emergency contact group for an organization in all things related to cybersecurity.
Investigate new security vulnerabilities and threats and develop plans to mitigate and respond to these incidents if exploited at their company.
Determine the MTTR & MDT for a company’s assets.
Provide useful information to other CSIRTs and the Cyber Security community.
Public vs Private
Since the creation of CERTs and CSIRTs, a lot of confusion has surrounded how they are named. Many organizations tend to use different names such as CERT, Security Incident Response Team (SIRT), Incident Response Team (IRT), or Computer Security Incident Response Centre (CSIRC), but they all describe an organization that has the same goals. The term CERT has often been used to describe teams in countries such as Australia (AusCERT), Brazil (CERT.br), New Zealand (CERTNZ), South Korea (KrCERT), the United Kingdom (CERT-UK), and the United States (US-CERT). The term CSIRT is more often associated with teams that businesses adopt for internal cybersecurity breaches and are not designated as nationally recognized response teams.
Case Study: New Zealand Cert
Since CERTs started to develop in the early 2000s, most developed countries contain some type of government-sponsored CERTs. The goal of these CERTs is to protect businesses and individuals in their home country, as well as to help other CERTs respond to incidents where their people could be affected. Many of these CERTs try to maintain visibility to the public and publish quarterly and annual reports on both the activity that was reported and what they have done to respond to issues. A great example of this is the New Zealand CERT. They publish annual reports that detail incidents that they saw for that year, as well as ways they responded to them. Below is an example of an infographic on their website: