Computer Security Incident Response Team (CSIRT)
This page is inspired by GitLab's https://handbook.gitlab.com/handbook/security/security-operations/sirt/ page.
Our Mission
Our mission is to protect and defend against cybersecurity threats, ensuring the confidentiality, integrity, and availability of our digital assets. We proactively detect, analyze, and respond to security incidents, providing expert guidance to prevent future threats. Through continuous monitoring, threat intelligence sharing, and rapid incident response, we work to minimize risks and strengthen our overall security posture.
The Team
At Rocket.Chat, our CSIRT (Computer Security Incident Response Team) consists of all security team members and is led by the Defensive Security Engineer. Given the size of our team, we believe it's most effective to involve everyone. We've also found that having a diverse range of expertise - such as Offensive Security Engineers, AppSec Engineers, and others - helps us quickly identify the root cause of security incidents and respond effectively.
When responding to an incident, we may also bring in specialists from other teams as needed. For example, Site Reliability Engineers (SREs) and Software Engineers may be required due to their specific expertise. These temporary team members may be granted privileged access to systems and security tools during the incident, but only with approval from the Incident Response Commander and the Head of Security.
Incident Response Plan (IRP)
Rocket.Chat's Incident Response Plan (IRP) is currently public and can be accessed at Incident Response Plan (IRP).
Post-Mortem Access
Each incident will be documented in a post-mortem report. This report will initially be restricted to the security team but can be shared with relevant stakeholders if necessary. The post-mortem may also be used for security training purposes or made available to the company for transparency, provided it is approved by the Head of Security.
Engaging CSIRT
If you need to contact our CSIRT, you can send an email to security@rocket.chat or send a message on #rocketchat-security.