CERT, CSIRT

CSIRT/CERT refers to the computer security incident response team, a group of information security experts responsible for the protection against, detection of and response to an organisation’s cybersecurity incidents. A CERT may focus on resolving incidents such as data breaches and denial-of-service attacks as well as providing alerts and incident handling guidelines. A CERT often represents a particular community, conducts public awareness campaigns and engage in research aimed at improving security systems within the community.

Although CSIRT and CERT are often used intertwined, there is a distinct difference between the two. The term CERT is typically reserved for the predominant computer security organisations authorised by government authorities, while a CSIRT can be the general incident response team in any organisation. The National Cyber Security Center (NCSC) is the official national CERT of the Netherlands and is the main information point. The NCSC and the Netherlands have acknowledged several other communities as CERTs or OKTT (objectief kenbaar tot taak) that represent a specific sector, e.g., Z-Cert (hospitals), DefCERT (defense) and several CERTS for universities (including SURFcert) and large financial organisations. The CERT or OKTT indications allows the NCSC to share more valuable information about threats and vulnerabilities. Some organisations have an Information Security Operations Centre (ISOC or SOC) to operationally support the tasks of the CSIRT.

Related Keywords: Computer Emergency Response Team, Computer Security Incident Response Team, computer emergency readiness team, NCSC, OKTT, Landelijk Dekkend Stelsel