Computer security incident response teams: are they legally regulated? The Swiss example.

Computer Security Incident Response Teams (CSIRTs) or Computer Emergency Response Teams (CERTs) are an integral part of incident handling capabilities and are increasingly demanded by organizations such as critical infrastructures. They can hold many different skills and are of great interest to organizations in terms of cyber security and, more concretely, cyber incident management. This contribution seeks to analyze the extent to which their activity is regulated under Swiss law, considering that private CSIRTs are not regulated in the same way as governmental and national CSIRTs such as the Computer Emergency Response Team of the Swiss government and official national CERT of Switzerland (GovCERT).