About CSIRTs

The AMPARO Project team and its Advisory Committee have reached consensus on the following definition: "A Computer Security Incident Response Team (CSIRT) is understood to be any team recognized by the management of its organization as responsible for managing computer security incidents within its scope and constituency."

These organizations must be capable of providing timely information on how to respond to different types of incidents; determining their impact, reach and nature; understanding their technical causes; investigating solutions; recommending, coordinating and providing support for the implementation of response strategies together with the affected parties; publishing information about the most frequent types of incidents and all relevant information that will allow being prepared to provide a response and mitigate the effects of an attack; coordinating and cooperating with other key players such as Internet Service Providers (ISPs), other security teams, etc.

The existence of these incident response teams may allow a quicker and more efficient diagnosis of the source of the problem, thus avoiding even greater damages to the affected company, users, or third-parties.

Those responsible for the creation and management of a CSIRT go through standardized training and are therefore prepared to act in a similar manner, allowing an efficient interaction with each other as well as with other organizations.

Although at regional level there are some relevant examples of the creation of CSIRTs, this practice is not widespread. In this sense, it is important to highlight the work of CERT.br. Not only has this organization been carrying out essential coordination and training tasks in Brazil since 1997, but it has also provided support and cooperation to the entire region, participating in different outreach and training activities throughout the region. Argentina (1999), Chile (2001) and Venezuela also have official CERTs, and there are also other very relevant initiatives in different countries (CSIRT ANTEL, Uruguay).