Computer Emergency Response Team (CERT)
Security+ 🏆 • Security Operations 🛡️ • Difficulty: premium
Definition
A Computer Emergency Response Team is the organized group that prepares for, coordinates, and leads the response to cybersecurity incidents—detecting, containing, eradicating, and recovering while communicating with stakeholders and learning from each event.
Examples
- A phishing campaign hits the company. The CERT coordinates with the SOC to block domains, resets affected accounts, briefs executives, and publishes a user advisory the same day.
- Ransomware detonates on a file server. CERT isolates the subnet, engages forensics, restores from clean backups, and issues a post-incident report with hardening actions.
Discover 🔎
CERT is the team you rely on when something goes wrong. It turns chaos into a structured response: who leads, what to do first, who to inform, and how to recover safely. Beyond firefighting, a good CERT also prepares the organization—writing playbooks, running exercises, and making sure logging, backups, and access controls are ready before an incident.