Re: Introduction (.. To security )
Gene Spafford (spaf@cs.purdue.edu)
Sat, 25 Nov 1995 17:01:22 -0500
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
> There is a group called FIRST that has an annual week-long seminar on
> computer and network security. Provides an excellent introduction for
> people new to the field and updates on current tools and intrusions for
> those who have some experience. Usually their seminar is in USA, but
> once in a while is overseas.
>
> I any details, but I think CERT does something similar.
Ahem.
FIRST is the Forum of Incident Response and Security Teams. It is an
international association of teams, including CERT, CIAC, DISA ASSIST,
NASIRC, the response groups at Sun, HP, IBM, Sprint, MCI, Purdue, and
more. It has been around for several years. The homepage for FIRST
is http://www.first.org
Normally, FIRST activities are for member organizations. This
includes some coordination of response to incidents, sharing
information about problems, and sharing of tools (in theory).
Once a year, FIRST sponsors a workshop on incident response. This is
open to everyone, and generally involves tutorials, panels, exercises,
tools sessions, and more. It especially includes informative updates
on security trends, legal actions, and how to form an effective
response team. Last year, the workshop was held in Germany, and the
year before, in Boston. In 1996, it will be held in California, and
in 1997, it will be held in Australia.
Enclosed, you will find a copy of the CFP for the 1996 workshop. If
you have something you think worth submitting, please do so -- it only
requires that you submit an abstract. If you are seriously part of
the response community or want to be a serious part of that community,
then you ought to consider registering to attend. It is *the* premier
gathering of its kind for incident response.
--spaf
------- =_aaaaaaaaaa0
Content-Type: text/plain; charset="us-ascii"
Content-Description: FIRST Workshop CFP
***************************************************************
* *
* Forum of Incident Response and Security Teams (FIRST) *
* *
* Eighth Annual Computer Security Incident Handling Workshop *
* *
* Santa Clara Convention Center, Santa Clara, California, USA *
* *
* Sunday 28-Jul-1996 to Wednesday 31-Jul-1996 (inclusive) *
* *
***************************************************************
C A L L F O R P A P E R S
Submission Deadline: 15-Jan-1996!!
"After the Internet - then What?"
The changing nature of incidents and our ability to respond
Since November 1988, there has been an almost continuous stream of security
related incidents that have affected thousands of computer systems and
networks throughout the world. To address this threat, government and
private sector Incident Response Teams in North America, Europe, Asia, and
Australia banded together to exchange information and assist each other in
coordinating response activities around the globe. This coalition is known
as the Forum of Incident Response and Security Teams (FIRST).
The annual Incident Handling Workshop is part of FIRST's ongoing program of
education and raising awareness for its members and others.
Format:
The workshop consists of one day of parallel tutorial style presentations,
one day of conference paper style presentations, one day of workshop style
presentations, and will include the FIRST business sessions and a number of
ad-hoc "birds of a feather" sessions.
All sessions will be selected to further the causes of FIRST and its
members. This may involve topics such as incident handling, team and
incident coordination, tools, international issues, or work in progress.
A list of example topics can be found at the end of this announcement.
Contributions to the program are being sought in the following formats:
Tutorials: Half or full day tutorials proposals will be entertained.
Papers: Written papers may be as long as desired, but presentations
shall be limited to 30 minutes each.
Workshop: These informal sessions should involve more "hands-on"
presentation styles, or provide significant audience
discussion with the aim of resolving particular issues.
The sessions may be one to one and a half hours long.
Panel Sessions on a particular topic will be acceptable.
Submissions should include an abstract, proposed length, and single page of
rough notes detailing the content and style of the presentation. Special
audio/visual requirements should be highlighted at this point. Panel
session proposals should include a list of panelists that have agreed to
participate. Submissions should be sent to the contact address given at
the end of this Call for Papers. The preferred submission mechanism is via
Electronic Mail in ASCII, HTML, or Postscript formats, but submissions via
Facsimile transmission or the Postal Service will be accepted. Submissions
must be received by 15-Jan-1996. Submissions received after this date may
not be considered for inclusion in the program.
Authors will be notified by 29-Jan-1996 of acceptance (or otherwise) of the
presentation. All materials used during the presentation (overheads,
papers, slides) shall be completed and available by 1-May-1996 for
inclusion in the proceedings.
Who should attend?
Any person who is responsible for the coordination of computer security
incidents will benefit from attendance at this workshop. This may include
both members and non-members of FIRST, law enforcement, consultants,
contractors, vendors, and incident response teams.
Why attend?
Increasingly the Internet is being used by commercial organisations,
governments, and other non-academic based organisations. Incident Handling
must change as the user base on the Internet changes character.
This workshop will provide a unique opportunity to meet and listen to most
of the people who are performing computer security incident and
vulnerability response work on the Internet. This group of experts will
share knowledge and experience relating to the successful coordination of
incidents, and how to resolve incidents across international boundaries.
There is no other workshop dedicated to this topic in the world.
Vital Dates:
Abstract/Proposals Due: 15-Jan-1996
Authors Notified: 29-Jan-1996
Full Materials for Proceedings Due: 1-May-1996
Email:
f96-prog@first.org
WWW:
A pointer to the Workshop WWW page will be placed in the FIRST home page in
the near future. The FIRST home page can be found at:
http://www.first.org/first/
Program Committee:
Danny Smith, AUSCERT, Australia (Program Chair)
Sandy Sparks, CIAC, USA (Co-chair)
Wietse Venema, Eindhoven University of Technology, Netherlands (Co-chair)
Wolfgang Ley, DFN-CERT, Germany
Luke O'Connor, DSTC, Australia
Gene Spafford, Purdue University, USA
Don Stikvoort, CERT-NL, Netherlands
Moira West-Brown, CERT Coordination Center, USA
Conference Location:
Santa Clara Convention Center, Santa Clara, California, USA
Dates:
Sun 28-Jul-1996 - tutorials (parallel streams)
Mon 29-Jul-1996 to Weds 31-Jul-1996 (workshop).
Conference Hosts:
CIAC, Department of Energy
SUN Microsystems
Silicon Graphics
Hewlett Packard
FIRST
Contact Information:
Electronic Mail: f96-prog@first.org
Postal Address: Attn: Danny Smith
AUSCERT
c/- Prentice Centre
The University of Queensland
Brisbane, Qld. 4072.
Australia
Facsimile: +61 7 3365 4477
Mark as Attention to: Danny Smith
Subject: FIRST 1996 Workshop
Example Topics (other topics may be considered):
Programming Securely
Vulnerability/Advisory Processes
How to Protect an Incident Response Team Site
International Legal Issues
Vendor Session
Statistic Tools
Interviewing/Hiring Incident Response Team Staff
Intrusion/Vulnerability Detection Tools
System/Network Monitoring Tools
Informational Resources
Legal and Administrative Issues in Incident Handling
Coordinating International Incidents
Incident Handling and the Internet
Preventing Incidents
The Changing Nature of the "hack"
New Tools for Incident Handling
Security on Large Networks other than the Internet
------- =_aaaaaaaaaa0--