The lifecycle of a CERT / CSIRT
The Dutch GvIB (Society of Information Security Practitioners) has released a new expertbrief about internal Computer Emergency Response Teams (CERT) or Computer Security Incident Response Teams (CSIRT). Experts from various Dutch organizations have joined efforts to share knowledge and make it available to the public. Organizations may use this insightful article to better set up and run an internal CERT.
Questions addressed are:
- What is needed to set up a CERT within an organization in an effective and efficient way?
- What is the life cycle of an internal CERT?
- Eventually, will an internal CERT become superfluous?
Especially the last question throws a new light on the role of a CERT in an organization. Will a CERT, depending on the way it is set up, help to prepare an IT support department for incidents and make it more responsive? How must a CERT operate to make this happen, and will it? Or will it always be the conservative IT department, aiming for repeatable processes, versus the cowboys? Read the paper and let me know what you think.
-- Aart
Update: the paper has been translated into English and published recently.