Argana Consulting GmbH 
Let's rather talk about how to solve the problems.

NIS-2 Directive Extract


Article 10 Computer Security Incident Response Teams (CSIRTs)

Each Member State shall designate or establish one or more CSIRTs. The CSIRTs may be designated or established within a competent authority. The CSIRTs shall fulfil the requirements set out in Article 11(1), cover at least the sectors, subsectors and types of entities referred to in Annexes I and II, and be responsible for handling security incidents in accordance with a well-defined operational procedure.


Article 15 CSIRT network

A network of national CSIRTs shall be established to help build trust and confidence between Member States and to promote rapid and effective operational cooperation between them.

The CSIRTs network shall be composed of representatives of the CSIRTs of the Member States designated or established in accordance with Article 10 and of the CERT-EU. The Commission shall participate in the CSIRTs network as an observer. ENISA shall provide secretariat services and active support for the cooperation between the CSIRTs.


Computer Security Incident Response Team (CSIRT)
A CSIRT (Computer Security Incident Response Team) is responsible for responding to and managing incidents related to information security. The exact responsibilities of a CSIRT may vary depending on the organisation and environment, but in general they include:

  • Incident detection: A CSIRT is responsible for detecting and tracking security-related events in a network or computer system.
  • Analysis of security incidents: When a security incident occurs, the CSIRT is responsible for investigating the incident to determine what happened, which systems and data are affected, and what measures need to be taken.
  • Responding to security incidents: A CSIRT coordinates the response to security incidents to minimise damage and restore normal operations as quickly as possible. This may include isolating affected systems, resetting passwords or patching vulnerabilities.
  • Preventing security incidents: A CSIRT is also responsible for taking measures to prevent future security incidents. This may include conducting security audits, implementing security policies and training employees.
  • Working with other teams: A CSIRT often works closely with other teams within the organisation, such as the IT team, the compliance team or the data protection team, to ensure that all security aspects are taken into account and that a coordinated approach is followed.

 

Computer Emergency Response Team (CERT)
A Computer Emergency Response Team (CERT) is a group of IT security experts responsible for identifying, analysing and managing IT security incidents. The tasks of a CERT can vary depending on the organisation, size and type of company, but in general they include:

  • Early detection of IT security problems: A CERT continuously monitors the network, systems and software to identify potential vulnerabilities and threats.
  • Investigating IT security incidents: If a security incident occurs, the CERT is responsible for investigating and analysing the incident to determine the cause and extent of the damage.
  • Developing and implementing security measures: A CERT develops security policies and procedures and ensures that these are implemented and adhered to within the organisation.
  • Responding to IT security incidents: When a security incident occurs, the CERT is responsible for coordinating the response to the incident in order to minimise the damage and ensure that the incident is reported appropriately.
  • Training and awareness: The CERT provides training and awareness programmes for employees and managers to raise awareness of IT security issues and promote best practices.

The main task of a CERT is to ensure IT security and to make sure that the company can respond quickly and effectively in the event of an IT security incident.


CSIRT vs. CERT
A Computer Emergency Response Team (CERT) and a Computer Security Incident Response Team (CSIRT) have similar tasks and objectives, but there are some important differences between the two.

A CERT is usually a group of IT security experts responsible for identifying, analysing and managing IT security incidents. CERT is a general term and can be used in different organisations and contexts. It can be an internal team within a company or an external organisation that assists organisations and individuals with IT security issues.

A CSIRT, on the other hand, is a specialised team within a CERT that focuses exclusively on responding to security incidents. CSIRTs specialise in detecting, analysing and responding to cyber attacks and other IT security threats. They have special skills and technologies to respond to and manage IT security incidents.