CyberSecurity incident response capability - CSIRT

Cyber incident reponse capability is referred to as the means of an organization to cope with a cyber incident. Usually organized in a dedicated CSIRT (CyberSecurity Incident Response Team) or a CERT (Cyber Emergency Response Team) has developed a procedure for dealing with incidents (leakages, break-ins, attacks, ...) being detected in the organization and taking the necessary measures to mitigate, prevent and respond. This dedicated team should be empowered to be in control to prevent additional loss, and to fight an attack as it happens. That means that they are required to have a good understanding of the infrastructure and have the necessary means to deflect, increase security, limit access and ensure forensic means to collect during an incident. They should be in direct response and interaction with the crisis management team. During normal operations they will support the organization Security Operations (SOC) Team onsite or remote in coping with day to day alarms, investigating their threat levels and managing with the investigation of minor incidents. 

More information on th organization of CSIRTS can be find with various sources such as : https://resources.sei.cmu.edu/asset_files/Handbook/2003_002_001_14102.pdf

A dedicated organization is working with different developments and challenges of the CSIRT and CERT teams moving forwards, called FIRST https://www.first.org/