Cybersecurity Center Development
Cybersecurity center development aims to increase the overall U.S. cybersecurity posture by developing, operationalizing, and improving government and industry organizations’ incident management capabilities so they can protect themselves from attacks and limit the damage and scope of attacks.
Cyber attacks pose significant risks to all organizations throughout the world, and when computer security incidents occur, organizations must respond quickly and effectively. Since organizations cannot completely prevent computer security incidents, they must mitigate the risks these attacks pose and be prepared to act when they do occur. It is critical that an organization responds to attacks quickly and effectively by recognizing, analyzing, and responding to incidents, thereby limiting damage and reducing recovery costs.
Critical to these incident response efforts are cybersecurity centers, which are teams of experts who mitigate threats by identifying, protecting, detecting, responding to, and recovering from incidents. These centers may take the form of computer security incident response teams (CSIRTs), security operations centers (SOCs), product security incident response teams (PSIRTs), CSIRTs of national responsibility, or other similar incident management teams. International capacity building, information sharing, and global cyber workforce development are key efforts in pursuit of U.S. objectives in cyberspace. The SEI prepares these cybersecurity center teams to effectively assess and manage cybersecurity incidents.
In the broader Internet community, [CSIRTs] form a "global network" from a diverse group of organizations and sectors, such as critical infrastructure, government, industry, and academia.
Angel Luis Hueca, Senior Cybersecurity Operations Researcher
Protect Your Organization from Ever-Changing Cyber Attacks
Over the last two decades, the SEI has been significantly involved in developing and maturing incident response capabilities around the globe. SEI experts have produced numerous frameworks and methodologies for the creation, implementation, and development of incident response teams and SOCs.
SEI experts collaborate with the international incident response community, government stakeholders, private sector, academia, and relevant regional and international organizations to promote and advance the state of cybersecurity cooperation, build cybersecurity capacity, and promulgate security operations and incident response best practices.
SEI experts prepare incident response teams and SOCs to effectively assess and manage their organization’s cybersecurity incidents. Our experts also provide support in planning and developing capabilities and skills, and they network with other teams around the globe.
These activities allow the SEI to leverage its unique position and experience in the community to provide teams with targeted technical assistance and connect established peer organizations around the world. As an extension of this capacity building, the SEI develops and provides tailored workshops for managers, project leaders, technical staff, and computer forensic professionals. SEI experts provide practical and tabletop exercises, facilitated discussions, exchanges of best practices, and implementations of cybersecurity roadmaps.
To support national CSIRTs, members of the SEI’s CERT Division founded the Forum of Incident Response and Security Teams (FIRST), the premier organization and recognized global leader in incident response. Membership in FIRST enables incident response organizations to access a sizable network of peer organizations and best practices from all sectors. Through incident response and security operations development initiatives, the SEI works with the United States Government to support the efforts of teams to meet the FIRST criteria and achieve membership. In conjunction with annual FIRST conferences, the SEI hosts the Annual Technical Meeting for CSIRTs with National Responsibility (NatCSIRT).
What We Offer
Advanced Topics in Incident Handling
This four-day course, designed for technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks.
Creating a Computer Security Incident Response Team
This one-day course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. Attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.
Foundations of Incident Management
This four-day course provides foundational knowledge for those in security-related roles who need to understand the functions of an incident management capability and how best to perform those functions.
Managing Computer Security Incident Response Teams
This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team.
Overview of Creating and Managing CSIRTs
This one-day course highlights the best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT).
Assistance with implementing and improving sustainable incident response capabilities
We can help you assess how well your response capabilities are working, and we can help you improve how they function to achieve your mission and objectives.
Authorized use of the CERT mark
Computer security incident response teams (CSIRTs) that share the SEI's commitment to improving the security of networks connected to the Internet may apply for authorization to use the "CERT" mark in their names.
CSIRT Workforce Development
We help support the development of the global cybersecurity workforce through tailored capacity building and mentoring.
Guidance on CSIRT techniques and practices
We provide guidance for enhancing and tailoring state-of-the-art techniques and practices in the cyber threat information-sharing field.
Support for building an international network of CSIRTs
A CSIRT with National Responsibility (or "National CSIRT") is a CSIRT that has been designated by a country or economy to have specific responsibilities in cyber protection for the country or economy.
Join Us for
NATCSIRT Meeting 2023
June 2-3, 2023, Montreal, Canada
Since 2006, the SEI’s CERT Coordination Center has hosted an annual technical meeting specifically for National CSIRTs. This meeting, the Annual Technical Meeting of CSIRTs with National Responsibility, provides an opportunity for such organizations to meet and discuss the unique challenges of their roles. This annual meeting is held in coordination with the Annual FIRST Conference. Drawing technical staff from teams in more than 55 countries, the meeting provides a forum for networking and collaboration among this unique group of organizations.
Latest from the SEI Blog
SecOps Field Notes: Challenges of Assessing International SOC Teams During a Global Pandemic
May 30, 2022 • Blog Post
SecOps team members travel frequently to work with international organizations to build cyber capacity. In 2020, they had to adapt in response to the COVID-19 global...
Cybersecurity Capacity Building with Human Capital in Sub-Saharan Africa
May 23, 2022 • Blog Post
Angel Luis Hueca
This post explores the creation of skilled cybersecurity human capital to solve real-life threats unique to the African...
Our Vision for the Future of Cybersecurity Center Development
As the field of incident response continues to adapt to emerging threats, the SEI has expanded its work to continue supporting the growing field of cybersecurity. Capacity building includes continued mentorship, maturation of services, and guidance on cybersecurity policy and governance. The SEI is exploring new methods and mechanisms for information sharing and sector incident response development, including critical infrastructure sectors. It will also become increasingly important to incorporate cybersecurity and incident response planning into the architecture and development of Smart Cities, and to consider how Artificial Intelligence (AI) and Machine Learning (ML) will apply to our work in resilience and incident response.
To learn more about this and other topics discussed in the Year in Review, visit resources.sei.cmu.edu and search for “2019 SEI Year in Review Resources.”