ABSTRACT

In this chapter, we will examine the requirements for a captive in-house investigative team. These cyber “SWAT teams” are referred to as Computer Incident Response Teams (CIRTs), Computer Security Incident Response Teams (CSIRTs), or Computer Emergency Response Teams (CERTs). Most organizations prefer the term CIRT over CERT, largely because CERT is now a registered trademark of the official CERT at Carnegie-Mellon University. In some cases, organizations may use an Initial Incident Response Team (IIRT) to carry out the triage activities mentioned in previous chapters and described later in this chapter. These teams may serve as risk and evaluation specialists, with additional training in evidence protection.