------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" > There is a group called FIRST that has an annual week-long seminar on > computer and network security. Provides an excellent introduction for > people new to the field and updates on current tools and intrusions for > those who have some experience. Usually their seminar is in USA, but > once in a while is overseas. > > I any details, but I think CERT does something similar. Ahem. FIRST is the Forum of Incident Response and Security Teams. It is an international association of teams, including CERT, CIAC, DISA ASSIST, NASIRC, the response groups at Sun, HP, IBM, Sprint, MCI, Purdue, and more. It has been around for several years. The homepage for FIRST is http://www.first.org Normally, FIRST activities are for member organizations. This includes some coordination of response to incidents, sharing information about problems, and sharing of tools (in theory). Once a year, FIRST sponsors a workshop on incident response. This is open to everyone, and generally involves tutorials, panels, exercises, tools sessions, and more. It especially includes informative updates on security trends, legal actions, and how to form an effective response team. Last year, the workshop was held in Germany, and the year before, in Boston. In 1996, it will be held in California, and in 1997, it will be held in Australia. Enclosed, you will find a copy of the CFP for the 1996 workshop. If you have something you think worth submitting, please do so -- it only requires that you submit an abstract. If you are seriously part of the response community or want to be a serious part of that community, then you ought to consider registering to attend. It is *the* premier gathering of its kind for incident response. --spaf ------- =_aaaaaaaaaa0 Content-Type: text/plain; charset="us-ascii" Content-Description: FIRST Workshop CFP *************************************************************** * * * Forum of Incident Response and Security Teams (FIRST) * * * * Eighth Annual Computer Security Incident Handling Workshop * * * * Santa Clara Convention Center, Santa Clara, California, USA * * * * Sunday 28-Jul-1996 to Wednesday 31-Jul-1996 (inclusive) * * * *************************************************************** C A L L F O R P A P E R S Submission Deadline: 15-Jan-1996!! "After the Internet - then What?" The changing nature of incidents and our ability to respond Since November 1988, there has been an almost continuous stream of security related incidents that have affected thousands of computer systems and networks throughout the world. To address this threat, government and private sector Incident Response Teams in North America, Europe, Asia, and Australia banded together to exchange information and assist each other in coordinating response activities around the globe. This coalition is known as the Forum of Incident Response and Security Teams (FIRST). The annual Incident Handling Workshop is part of FIRST's ongoing program of education and raising awareness for its members and others. Format: The workshop consists of one day of parallel tutorial style presentations, one day of conference paper style presentations, one day of workshop style presentations, and will include the FIRST business sessions and a number of ad-hoc "birds of a feather" sessions. All sessions will be selected to further the causes of FIRST and its members. This may involve topics such as incident handling, team and incident coordination, tools, international issues, or work in progress. A list of example topics can be found at the end of this announcement. Contributions to the program are being sought in the following formats: Tutorials: Half or full day tutorials proposals will be entertained. Papers: Written papers may be as long as desired, but presentations shall be limited to 30 minutes each. Workshop: These informal sessions should involve more "hands-on" presentation styles, or provide significant audience discussion with the aim of resolving particular issues. The sessions may be one to one and a half hours long. Panel Sessions on a particular topic will be acceptable. Submissions should include an abstract, proposed length, and single page of rough notes detailing the content and style of the presentation. Special audio/visual requirements should be highlighted at this point. Panel session proposals should include a list of panelists that have agreed to participate. Submissions should be sent to the contact address given at the end of this Call for Papers. The preferred submission mechanism is via Electronic Mail in ASCII, HTML, or Postscript formats, but submissions via Facsimile transmission or the Postal Service will be accepted. Submissions must be received by 15-Jan-1996. Submissions received after this date may not be considered for inclusion in the program. Authors will be notified by 29-Jan-1996 of acceptance (or otherwise) of the presentation. All materials used during the presentation (overheads, papers, slides) shall be completed and available by 1-May-1996 for inclusion in the proceedings. Who should attend? Any person who is responsible for the coordination of computer security incidents will benefit from attendance at this workshop. This may include both members and non-members of FIRST, law enforcement, consultants, contractors, vendors, and incident response teams. Why attend? Increasingly the Internet is being used by commercial organisations, governments, and other non-academic based organisations. Incident Handling must change as the user base on the Internet changes character. This workshop will provide a unique opportunity to meet and listen to most of the people who are performing computer security incident and vulnerability response work on the Internet. This group of experts will share knowledge and experience relating to the successful coordination of incidents, and how to resolve incidents across international boundaries. There is no other workshop dedicated to this topic in the world. Vital Dates: Abstract/Proposals Due: 15-Jan-1996 Authors Notified: 29-Jan-1996 Full Materials for Proceedings Due: 1-May-1996 Email: f96-prog@first.org WWW: A pointer to the Workshop WWW page will be placed in the FIRST home page in the near future. The FIRST home page can be found at: http://www.first.org/first/ Program Committee: Danny Smith, AUSCERT, Australia (Program Chair) Sandy Sparks, CIAC, USA (Co-chair) Wietse Venema, Eindhoven University of Technology, Netherlands (Co-chair) Wolfgang Ley, DFN-CERT, Germany Luke O'Connor, DSTC, Australia Gene Spafford, Purdue University, USA Don Stikvoort, CERT-NL, Netherlands Moira West-Brown, CERT Coordination Center, USA Conference Location: Santa Clara Convention Center, Santa Clara, California, USA Dates: Sun 28-Jul-1996 - tutorials (parallel streams) Mon 29-Jul-1996 to Weds 31-Jul-1996 (workshop). Conference Hosts: CIAC, Department of Energy SUN Microsystems Silicon Graphics Hewlett Packard FIRST Contact Information: Electronic Mail: f96-prog@first.org Postal Address: Attn: Danny Smith AUSCERT c/- Prentice Centre The University of Queensland Brisbane, Qld. 4072. Australia Facsimile: +61 7 3365 4477 Mark as Attention to: Danny Smith Subject: FIRST 1996 Workshop Example Topics (other topics may be considered): Programming Securely Vulnerability/Advisory Processes How to Protect an Incident Response Team Site International Legal Issues Vendor Session Statistic Tools Interviewing/Hiring Incident Response Team Staff Intrusion/Vulnerability Detection Tools System/Network Monitoring Tools Informational Resources Legal and Administrative Issues in Incident Handling Coordinating International Incidents Incident Handling and the Internet Preventing Incidents The Changing Nature of the "hack" New Tools for Incident Handling Security on Large Networks other than the Internet ------- =_aaaaaaaaaa0--