A Computer Security Incident Response Team is a dedicated group of security professionals responsible for detecting, analysing, containing and remediating cybersecurity incidents within an organisation. CSIRTs follow established incident response frameworks and maintain playbooks for common incident types such as malware infections, data breaches, denial-of-service attacks and insider threats.
Under the NIS2 directive, essential and important entities in the EU are required to have incident response capabilities and must report significant incidents to their national CSIRT within strict timeframes. Having a well-functioning CSIRT is also a key element of ISO 27001 compliance, supporting the requirements for incident management, business continuity and communication with stakeholders during security events.