National Computer Security Incident Response

Good Practices

Coordinate national incident response systems prevent, detect, deter, respond to and recover from cyber incidents. This system commonly includes one or more Computer Security Incident Response Teams (CSIRTs) with national responsibilities.

Nations and multilateral organizations with established national CSIRTs may mature their operations and broaden and strengthen their national and international information exchange of technical indicators and mitigation advices. National Cyber Security Centers may enable and encourage regional and sectorial initiatives to collectively strengthen cyber security-related ecosystems.

On a technical level, national CSIRTs preferably are well-connected with international communities. The global community may encourage nations to establish a national Computer Security Incident Response team capacity (CSIRT1) with national responsibility and coordination capabilities.

On a policy level, nations should identify their needs to establish and develop capacities, which will ensure incidents are communicated to the responsible entities, in order to provide the necessary information for decision making on a strategically level.