210-255 · Question #136
Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?
The correct answer is A. internal CSIRT. An internal CSIRT provides incident handling services exclusively to its own parent organization, such as a bank, university, or federal agency.
Question
Which CSIRT category provides incident handling services to their parent organization such as a bank, a manufacturing company, a university, or a federal agency?
Options
- Ainternal CSIRT
- Bnational CSIRT
- Ccoordination centers
- Danalysis centers
- Evendor teams
- Fincident response providers
How the community answered
(25 responses)- A88% (22)
- C4% (1)
- D4% (1)
- F4% (1)
Why each option
An internal CSIRT provides incident handling services exclusively to its own parent organization, such as a bank, university, or federal agency.
An internal CSIRT - also called an organizational CSIRT - is established within and serves only the parent organization to which it belongs, handling incidents that affect that organization's systems, networks, and data. It operates under the authority and funding of the parent organization and is staffed by its own personnel. This model is used by corporations, universities, and government agencies to manage their IR capabilities entirely in-house.
A national CSIRT serves as the primary IR point of contact for an entire country, not a single parent organization.
Coordination centers coordinate IR activities and information sharing across multiple organizations or sectors rather than directly handling incidents for one parent organization.
Analysis centers focus on synthesizing data from many sources to identify trends and attack patterns, not on providing direct incident handling to a specific organization.
Vendor teams handle vulnerability disclosures and incidents related to their own commercial products and services, not internal incidents within a specific parent organization.
Incident response providers are commercial entities that sell IR services to multiple paying clients, meaning they do not belong to or exclusively serve a single parent organization.
Concept tested: CSIRT types and organizational constituency scope
Source: https://www.sei.cmu.edu/education-outreach/computer-security-incident-response-teams/national-csirts/
Topics
Community Discussion
No community discussion yet for this question.