Cybersecurity Center Development
Created August 2019
A cybersecurity center is a team of experts who mitigate threats by monitoring, detecting, and responding to incidents. These centers may take the form of computer security incident response teams (CSIRTs), security operations centers (SOCs), product security incident response teams (PSIRTs), National CSIRTs, or other similar incident management teams. Our experts in the CERT Division prepare these teams to effectively assess and manage cybersecurity incidents.
Tools, Methods, and Services
Organizations that have an established cyber incident response process have a higher level of operational resilience than other organizations. This process enables them to respond in evolving environments and avoid using ad-hoc measures to solve problems.
We support the development, coordination, assessment, and education of cybersecurity centers. Our training courses help the staff in these centers learn and implement best practices for building cybersecurity teams and managing cyber incidents. Our open source tools help the staff in these centers monitor the security of their networks, whether small or large. Our experts provide general and customer-specific cybersecurity algorithms, analytics, and tradecraft to all types of organizations.
We can evaluate cybersecurity centers to improve their effectiveness. Assessments can include capability gap analysis or focused architectural reviews. Both assessments result in targeted recommendations. We offer training and analytic development that we can customize to your cybersecurity center’s needs. You can also become a certified computer security incident handler.
Use of the CERT Mark and Graphic
CSIRTs that share our commitment to improving the security of networks connected to the Internet may apply for authorization to use the CERT mark in their names and use a special graphic on their website. In this way, they can indicate that their CSIRT is part of a network of teams that provide similar services. See Authorized Users of the CERT Mark.
Helping Organizations Protect Themselves
Working together is the most effective way to challenge cyber attacks. We foster relationships among more than 100 National CSIRTs worldwide by providing mechanisms for cooperation and collaboration among them, and we host an Annual Technical Meeting for CSIRTs with National Responsibility to discuss current issues, tools, and methods.
Beneficial to both new and established National CSIRTs, the meeting provides a forum for networking and collaboration. Discussions are participant-driven and often focus on current issues, tools, and methods relevant to the National CSIRT community. We also allocate some sessions for CSIRT representatives to give presentations about their collaborative work or research. If your team is involved in a collaborative or unique project that would be of interest to other National CSIRTs, we encourage you to consider presenting.
International Community Resources
Our colleagues in the international community offer many valuable resources, including those linked below, on topics such as incident response and CSIRTs.
FIRST.org - The FIRST Site Visit Requirements and Assessment contains a list of requirements that can be used in building or benchmarking a team. The FIRST Services Framework provides information on the capabilities and services a team can provide to its constituents.
GÉANT (formerly TERENA) - GÉANT provides general CERT and system security information, offers resources to help establish new and operate existing IRTs/CERTs, and supplies information about tools and software for intrusion detection and system security.
ENISA - The European Union Agency for Network and Information Security (ENISA) improves network and information security in the European Union (EU). ENISA helps the European Commission and EU member states meet the requirements of network and information security, including present and future EU legislation.
ITU - The International Telecommunication Union (ITU) conducts global partner events, publishes the Global Cybersecurity Index, helps National CSIRTs build their capacity, and provides resources on strategy and legislation.
NCSC - The National Cyber Security Centre (NCSC) Netherlands offers insight into cybersecurity threats, interests, and resilience. As part of its work, the NCSC publishes a CSIRT Maturity Kit to help CSIRTs increase their maturity level quickly and effectively.
In today's networked world, it is essential for system and network administrators to understand the fundamental areas and the major issues in computer forensics. Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic...
4-Day Course
This four-day course, designed for computer security incident response team (CSIRT) and security operations center (SOC) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks. Building on the methods and tools...
1-Day Course
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can...
3-Day Course
This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with...
1-Day Course
This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). The course will explore the relationship between...