Case Studies

One effective way for computer security incident response teams or other types of incident management functions to get started and to improve their performance is to read about what other similar teams have done. From time to time, the CSIRT Development and Training team publishes case studies of national information security teams to assist in this process. Links to our most recent case studies can be found below.


Colombia's internet penetration grew rapidly in the first decade of the century, from 3% in 2000 to 45% in 2009. The government soon realized that something had to be done about computer security, and after a thorough investigation of different possibilities, colCERT was born.


For many organizations, the preparations for dealing with the Y2K threat was a wake-up call that drew attention to internet security problems. Tunisia's tunCERT was catalyzed by that event. With limited resources, the team relied on a sophisticated, almost Cartesian development model.

Financial Institution

The number of computer and software vulnerabilities is growing, and the sophistication of attacks is increasing. Organizations need to develop a comprehensive plan to secure sensitive information and ensure the survivability of their critical infrastructure. This case study shares lessons learned by a financial institution as it developed and implemented both a plan to address security concerns and a CSIRT.

Learn How to Create a CSIRT

Creating a Computer Security Incident Response Team is a one-day course that describes the key issues and decisions that managers and project leaders must address when establishing a CSIRT.