Page 215 - Shaping smarter and more sustainable cities - Striving for sustainable development goals

Annex 2

                                               SCC – CERT/CSIRT/SOC


            Definitions

              The term CERT (Computer Emergency Response Team) refers to a team of IT security experts
                whose main business is to respond to computer security incidents. The term CERT is a registered
                service mark of Carnegie Mellon University (CMU).
              The term CSIRT (Computer Security Incident Response Team) also refers to a team of IT security
                experts designated to respond to computer security incidents. This term, however, is more
                accurate since it reflects a broader array of security services provided, beyond reactive functions.
              The term SOC (Security Operations Center) is also used. Although its name suggests mainly an
                operational responsibility, it is often tasked with duties as broad as those of a corporate CERT or
                CSIRT.


            Description
              A CERT/CSIRT is an organization or team that provides services and support, to a defined
                constituency, for preventing, handling and responding to computer security incidents.
              This means that it should work proactively as well as reactively, and that it will play a critical
                role in the coordination of several subjects, acting as a bond between them in order to provide
                a quick and effective response to any security issue.


            Objectives

              Enhance information security awareness.
              Build expertise in information security, incident management and computer forensics.
              Enhance the cyber security law and assist in the creation of new laws.
              Provide a central trusted point of contact for cyber security incident reporting and for general
                security issues.
              Establish a center to disseminate information about threats, vulnerabilities, and cyber security
                incidents.
              Coordinate with other domestic and international CERT/CSIRTs and related organizations.
              Share information and lessons learned with other CERT/CSIRT/response teams and appropriate
                organizations and sites.
              Become an active member of recognized security organizations and forums.










            ITU‐T's Technical Reports And Specifications                                                  205