Software Engineering Institute

This document provides a high-level overview of actions to take and topics to address when planning and implementing a Computer Security Incident Response Team (CSIRT). It also identifies some common problems teams may encounter in their implementation. The list draws on material presented in depth through CERT training courses and publications, and incorporates lessons learned by staff during their experiences planning and implementing CSIRTs. Use this list as a starting point to plan a CSIRT. More detailed information can be found in the list of resources at the end of this article.