Computer Security Incident Response Team (CSIRT)

Computer Security Incident Response Team (CSIRT)

A unique network of sub-regional CSIRT dedicated to the Financial Sector delivers cybersecurity incident management services with high level skills, proximity and reactivity.

Incident management is critical to improve cyber-resilience: While it is virtually impossible to preclude intrusions, it is possible to improve prevention, detection and remediation to limit their consequences:

  • Forensic investigations to understand the threats and attacks by analyzing the real life practices of hackers, prepare legal evidences and clean the infected systems to prepare for recovery after an incident,
  • Detection rules are to be permanently elaborated and updated to match hackers' ever evolving techniques, tools and modus operandi,
  • Define the processes and train the organizations to react efficiently to incidents.

The CSIRT are operated by selected private sector partners and supported by the ACRC regional teams, in particular the Information Sharing and Analysis Centre (ISAC).

The CSIRT is also intimately linked to the Security Operation Centre (SOC).