A computer emergency response team (CERT) is an expert group that handles computer security incidents. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT).
The name "Computer Emergency Response Team" was first used in 1988 by the CERT Coordination Center (CERT-CC) at Carnegie Mellon University (CMU). The abbreviation CERT of the historic name was picked up by other teams around the world. Some teams took on the more specific name of CSIRT to point out the task of handling computer security incidents instead of other tech support work, and because CMU was threatening to take legal action against individuals or organisations who referred to any other team than CERT-CC as a CERT. After the turn of the century, CMU relaxed its position, and the terms CERT and CSIRT are now used interchangeably.
The history of CERTs is linked to the existence of malware, especially computer worms and viruses. Whenever a new technology arrives, its misuse is not long in following. The first worm in the IBM VNET was covered up. Shortly after, a worm hit the Internet on 3 November 1988, when the so-called Morris Worm paralysed a good percentage of it. This led to the formation of the first computer emergency response team at Carnegie Mellon University under U.S. Government contract. With the massive growth in the use of information and communications technologies over the subsequent years, the now-generic term 'CERT'/'CSIRT' refers to an essential part of most large organisations' structures. In many organisations the CERT evolves into a information security operations center.
The Forum of Incident Response and Security Teams (FIRST) is the global association of CSIRTs.