KM3 - Cyber diplomacy and international cooperation
KM4 - Cyber Incident Management
2 of 5

6. Who does the CSIRT serve?

A multistakeholder approach within a country and organisation is critical for the effective management of incidents.  The GFCE identifies the building of communities as a good practice that facilitates trusted information sharing and exchange of experience and knowledge.

Good practice: Build communities

A national CSIRT should invest time and continuous effort to build and maintain trust with its constituency and other stakeholders, both nationally and internationally. This can be achieved through constituency relationship management, targeted workshops, and joint exercises.

With cooperation and (relative) transparency, the CSIRT should strive to be a trustworthy, politically neutral, unbiased, and professional/technical partner in the national and international communities.

Reflection point

Using the ENISA Interactive Cybersecurity Institutional Map find out how actors in Europe are involved in functions within a community.

The constituent(s) of a CSIRT is the recipient or customer base of the CSIRT services. The team must, in its charters, mission statements, the concept of operations documents, or similar documents, clearly define its constituency. The team should understand its constituency so as to determine their needs, the assets they need to be protected, and what the interactions with the CSIRT would be.

The constituencies are the entities and communities for whom the CSIRT provides service and support.  The extent of the authority and responsibility of the CSIRT should be predetermined in its role and mandate.

There are different types of CSIRTs depending on the constituency served as indicated in Table 1 below:

SectorFocusTypical Constituents
Academic Sector CSIRTAcademic and educational institutions,such as universities or research facilities, and the campus Internet environments.University staff and students.
Commercial CSIRTCommercial services. This can be an independent organisation, an ISP, or managed services provider.Paying customers
CIP/CIIP Sector CSIRT
Critical Information Protection and/or Critical Information and Infrastructure Protection. This covers the IT of all critical sectors in a country.Government, critical sectors andcitizens.
Governmental Sector CSIRTThe government itself. Government agencies.
Internal CSIRT/Security Operation Centre (SOC)The hosting organisation itself. Internal staff and IT department.
Military Sector CSIRTMilitary organizations with responsibilitiesin IT infrastructure.Staff of military institutions and closelyrelated entities such as the Ministry
National CSIRT

National focus, considered as the centralsecurity point of contact.No direct constituents, although aNational CERT is sometimes combinedwith a Governmental CERT
Small & Medium Enterprises (SME) Sector CSIRTThis is a self-organised CSIRT to provideservices to its own business branch orsimilar user group.The SMEs and their staff
Vendor CSIRT/PSIRTVendor-specific products, usually to address vulnerabilities or advise onspecific attack mitigations.A common acronym is PSIRT, or Product Security Incident Response Team Product owners
Table 1: Types of CSIRTs and Constituents Source: ENISA A step-by-step approach on how to set up a CSIRT

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content