ITU‐T's Technical Reports And Specifications 205 Annex 2 SCC – CERT/CSIRT/SOC Definitions The term CERT (Computer Emergency Response Team) refers to a team of IT security experts whose main business is to respond to computer security incidents. The term CERT is a registered service mark of Carnagie Mellon University (CMU). The term CSIRT (Computer Security Incident Response Team) also refers to a team of IT security experts designated to respond to computer security incidents. This term, however, is more accurate since it reflects a broader array of security services provided, beyond reactive functions. Term like SOC (Security Operations Center) is also used. Although his name suggest mainly an operational responsibility, it is often tasked with similar broad duties as a corporate CERT or CSIRT. Description A CERT/CSIRT is an organization or team that provides services and support, to a defined constituency, for preventing, handling and responding to computer security incidents. This means that should work proactively as well as reactively and will play a critical role in the coordination of several subjects working like a bonding in order to provide a quick and effective response to any security issue. Objectives Enhance information security awareness. Build expertise in information security, incident management and computer forensics. Enhance the cyber security law and assist in the creation of new laws. Provide a central trusted point of contact for cyber security incident reporting and for general security issues. Establish a center to disseminate information about threats, vulnerabilities, and cyber security incidents. Coordinate with other domestic and international CERT/CSIRTs and related organizations. Share information and lesson learned with other CERT/CSIRT/response teams and appropriate organizations and sites. Become an active member of recognized security organizations and forums.