Publication

Team Types Within the Context of Services Frameworks

About

Publication date: 2023

Author: Forum of Incident Response and Security Teams (FIRST)

The Forum of Incident Response and Security Teams (FIRST) Services Frameworks have been developed for two team types: Computer Security Incident Response Teams (CSIRTs) and Product Security Incident Response Teams (PSIRTs). However, in 2022, experts in the global community discussed the need to define and conceptualize other team types (e.g., Security Operations Centers [SOCs] and Information Sharing and Analysis Centers [ISACs]), which are becoming increasingly vital for addressing urgent cyber insecurity. FIRST sees it as necessary to establish standard definitions for some of these team types. This resulted in a project within the CSIRT SIG to define the following team types that provide information security incident management capabilities: Computer Security Incident Response Teams (CSIRTs), Information Sharing and Analysis Centers (ISACs), Product Security Incident Response Teams (PSIRTs), and Security Operations Centers (SOCs).

The document / tool maps the developing and improved Services Frameworks, and sets out to define varying team types that handle security incidents, threats, and vulnerabilities. The current versions of both the CSIRT Services Framework and the PSIRT Services Framework are found in the document. The primary goal of the CSIRT and PSIRT Services Frameworks is to help establish and improve team operations. These frameworks are intended to help teams identify and define their core categories of services and provide a standard set of terms and definitions to be used throughout the community. Further, in recognizing that defining team types is a vital step in developing a common language for incident management capabilities and the entities that collaborate with them, the document sets out to discuss the terms and definitions of four additional incident response and security team types.