A CSIRT, or Computer Security Incident Response Team, is an operational security team that intervenes on behalf of organizations (companies, administrations) as soon as a security incident is reported.

Its role is then to analyze the incident and take the appropriate actions to contain and resolve it. The team also plays a preventive role through regular cyber monitoring (or CTI). This allows it to track the state of the threat, to assess the vulnerabilities of the organizations under its responsibility and, if necessary, to propose defensive countermeasures that anticipate the threat. CSIRTs typically have a range of skills and expertise, including computer forensics, network security, and incident management.

In the cyber world, there are different types of CSIRTs, namely:

  1. Internal CSIRTs, whose activities are entirely dedicated to a single company or large group; they exist in various sectors of activity. Among them is the CSIRT BNP Paribas (CSIRT of the BNP Paribas group). Some of them use the name CERT*, like Société Générale (CERT-Société générale), the SNCF (CERT-SNCF), La Poste (CERT La Poste)… In France, there are more than forty certified CERTs.
  2. The so-called commercial CSIRTs, which are outsourced CSIRTs that offer companies cyber monitoring, forensics, intrusion testing and incident response services.
  3. Government CSIRTs, whose mission is to prevent and react to cyber incidents affecting public or state administrations. In France, there are, for example, the CERT-FR, dedicated to the French administration sector, and the Health CERT, assigned to the health sector. More recently, Regional CSIRTs have been set up to work with local authorities, associations, and also SMEs and mid-sized companies (ETIs) established in the regions.
