search menu icon-carat-right cmu-wordmark

Defining Computer Security Incident Response Teams

January 2007 White Paper
Robin Ruefle

In this paper, Robin Ruefle describes the purpose and goals of a computer security incident response team (CSIRT).




A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that is assigned the responsibility for coordinating and supporting the response to a computer security event or incident. CSIRTs can be created for nation states or economies, governments, commercial organizations, educational institutions, and even non-profit entities. The goal of a CSIRT is to minimize and control the damage resulting from incidents, provide effective guidance for response and recovery activities, and work to prevent future incidents from happening.