An incident response team (IRT) or emergency response team (ERT) is a group of people who prepare for and respond to an emergency, such as a natural disaster or an interruption of business operations. Incident response teams are common in public service organizations as well as in other organizations, either military or specialty. This team is generally composed of specific members designated before an incident occurs, although under certain circumstances the team may be an ad hoc group of willing volunteers.

Incident response team members ideally are trained and prepared to fulfill the roles required by the specific situation (for example, to serve as incident commander in the event of a large-scale public emergency). As the size of an incident grows, and as more resources are drawn into the event, the command of the situation may shift through several phases. In a small-scale event, usually only a volunteer or ad hoc team may respond. In events both large and small, both specific member and ad hoc teams may work jointly in a unified command system. Individual team members can be trained in various aspects of the response, be it medical assistance/first aid, hazardous material spills, hostage situations, information systems attacks or disaster relief. Ideally the team has already defined a protocol or set of actions to perform to mitigate the negative effects of the incident.

Incident response teams address two different types of incidents. The first of these types is public. This covers larger incidents that affect a community as a whole, such as natural disasters (hurricane, tornado, earthquake, etc.), terrorism, large-scale chemical spills, and epidemics. The other type is organizational: this would be an incident that happens on a smaller scale and affects mostly just a single company or organization. Examples of organizational incidents can include: bomb threats, computer incidents such as theft or accidental exposure of sensitive data, exposure of intellectual property or trade secrets, and product contamination.

Predefined roles are typically filled with individuals who are formally trained and on standby at all times, during scheduled hours. These teams are organized by ranks with a clearly defined chain of command. Examples include: Other teams that can be formed for response are ad hoc or volunteer groups. Many of these groups are created under the notion that the true first respondents are the civilians at the incident. Because of this, these teams are generally made up of individuals that have jobs unrelated to the situation, but respond due to their proximity, or personal attachment, to

A computer emergency response team (CERT) is an incident response team dedicated to computer security incidents. Other names used to describe CERT include cyber emergency response team, computer emergency readiness team, computer security incident response team (CSIRT), or cyber security incident response team. The name "Computer Emergency Response Team" was first used in 1988 by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU). The term CERT is registered as a trade and service mark by CMU in multiple countries worldwide. CMU encourages the use of Computer Security Incident Response Team (CSIRT) as a generic term for the handling of computer security incidents. CMU licenses the CERT mark to various organizations that are performing the activities of a CSIRT.

The histories of CERT and CSIRT are linked to the existence of malware, especially computer worms and viruses. Whenever a new technology arrives, its misuse is not long in following. The first worm in the IBM VNET was covered up. Shortly after, a worm hit the Internet on 3 November 1988, when the so-called Morris Worm paralysed a good percentage of it. This led to the formation of the first computer emergency response team at Carnegie Mellon University under a U.S. Government contract. With the massive growth in the use of information and communications technologies over the subsequent years, the generic term 'CSIRT' refers to an essential part of most large organisations' structures. In many organisations the CSIRT evolves into an information security operations center.