10th Annual FIRST Workshop, Conference, and General Meeting

The 10th Annual FIRST Conference and Workshop on
Computer Security Incident Handling and Response

June 21 to June 26, 1998
Monterrey, Mexico

Schedule

If your browser does not support tables, then please read this version without tables.

The will be an additional meeting on Saturday, June 20 (13:00 - 18:00) to discuss changes of the FIRST Operational Framework. For more details see the Meeting Announcement.

Sunday, June 21, 1998

19:00 - 21:00 On-Site Registration
19:00 - 21:00 Icebreaker and Early Arrival Get-Together

Monday, June 22, 1998

08:00 - On-Site Registration
09:00 - 10:30 Tutorial Track 1: Establishing an Incident Response Team (full day tutorial)
Instructors: Sandy Sparks (CIAC), Kathy Fithen (CERT-CC), Marianne Swanson (NIST), Pat Zechman (SAIC)
09:00 - 10:30 Tutorial Track 2: Developments in Internet and Web Liability Internationally
Instructor: William J. Cook (Brinks Hofer Gilson & Lione, Intellectual Property Attorneys)
10:30 - 11:00 Refreshment Break
11:00 - 12:00 Tutorial Track 1: Establishing an Incident Response Team (continued)
11:00 - 12:00 Tutorial Track 2: Computer Virus Operations and Detection
David L. Crawford (Lawrence Livermore National Laboratory)
12:00 - 14:00 Lunch Break
14:00 - 15:30 Tutorial Track 1: Dealing with Law Enforcement Agencies
Instructors: Stephen P. Heymann (Assistant United States Attorney), Steve Romig (Ohio State University), Peter Garza (Naval Criminal Investigative Service)
14:00 - 15:30 Tutorial Track 2: Computer Virus Operations and Detection (continued)
15:30 - 16:30 Refreshment Break
16:30 - 17:30 Tutorial Track 1: Dealing with Law Enforcement Agencies (continued)
16:30 - 17:30 Tutorial Track 2: Computer Virus Operations and Detection (continued)

Tuesday, June 23, 1998

08:00 - On-Site Registration
09:00 - 09:30 Welcoming Remarks
09:30 - 10:30 Keynote Address
Michael Vatis (Deputy Assistant Director, Chief of the National Infrastructure Protection Center)
10:30 - 11:00 Refreshment Break
11:00 - 12:00 FIRST Team Update Presentations
Coordinator: Kathy Fithen (CERT/CC) and Klaus-Peter Kossakowski
12:00 - 14:00 Lunch Break
14:00 - 15:30 IRT Concepts
Session Chair: Steve Romig (Ohio State University)

Tackling the Infrastructure problem
Author: Jeffrey J. Carpenter and Jed Pickel (CERT/CC)
The Prospects of Incident Response
Author: Suzana Stojakovic-Celustka (CARNet)
A Model for Structural Organization of Computer Security Incident Handling Agencies
Author: Ahmet Koltuksuz (Izmir Inst. of Technology)

15:30 - 16:30 Refreshment Break
16:30 - 17:30 PGP Keysigning Session
Coordinator: Ahmet Koltuksuz (Izmir Inst. of Technology)
18:00 - 21:00 Conference Banquet

Wednesday, June 24, 1998

08:00 - On-Site Registration
09:00 - 10:30 Security Tools
Session Chair: Wietse Venema (IBM Watson Research)

Proxy for Protection against hostile executable content
Liane Tarouco & Marco Aurelio Bonato (University Federal of Rio Grande do Sul)
A secure patch distribution service
D. Bruschi, A. Cainarca, F. Contini, E. Rosti (CERT-IT)
Development of Security On Demand Server for detecting Security Vulnerability Remotely
Wang-sung Chun, Seok-chul Baek (Korea Telecom R&D center)

10:30 - 11:00 Refreshment Break
11:00 - 12:00 Hands on Experience with the State-of-the-Art Cryptographic Software (Workshop)
Ahmet Koltuksuz (Izmir Inst. of Technology)
12:00 - 14:00 Lunch Break
14:00 - 15:30 Results from the Future of FIRST Task Force II: Future organisational structure of FIRST (Panel Session)
Coordinator: Klaus-Peter Kossakowski
For more information see the Task Force Page.
15:30 - 16:30 Refreshment Break
16:30 - 17:30 What Did That IT Incident Actually Cost? The IT Incident Cost Analysis Model and Findings (Workshop)
Virginia Rezmierski, Stephen Deering, Amy Fazio (University of Michigan)
19:00 - 21:00 BoF (Birds of a Feather) Sessions
Coordinator: Eric Halil (AUSCERT)
See also the list of scheduled BoF sessions.

Thursday, June 25, 1998

08:00 - On-Site Registration
09:00 - 10:30 How the Domain Name System (DNS) plays a role in incident response (Workshop)
Jeffrey J. Carpenter (CERT/CC)
10:30 - 11:00 Refreshment Break
11:00 - 12:00 Internet Service Provider (ISP) Panel
Coordinator: Kevin J. McMahon (MCI)
12:00 - 14:00 Lunch Break
14:00 - 17:30 FIRST General Meeting
The general meeting agenda will be e-mailed to the FIRST Teams prior to the conference.
Attendance and participation at the FIRST Steering Committee and General Meetings is limited to FIRST team members and their invited guests.
Information about the Annual General Meeting is available on the AGM page.

Friday, June 26, 1998

09:00 - 10:30 IRT Operation and Coordiantion
Session Chair: Fran Nielsen (NIST)

Experiences of security incidents in Mexico
Author: Israel Quiroz-Plata (National Autonomous University of Mexico)
Moving towards the exchange of incident statistical data
Author: Jeffrey J. Carpenter (CERT/CC) and Brian P. Dunphy (ASSIST)
Risk assessment for Incident Response Teams
Author: Viviani Paz (AUSCERT)

10:30 - 11:00 Refreshment Break
11:00 - 12:00 Ask the experts (Panel)
Coordinator: Roger Safian (Northwestern University)
12:00 - 14:00 Lunch Break
14:00 - 15:30 Closing Session

Sunday, June 21, 1998
19:00	-	21:00	On-Site Registration
19:00	-	21:00	Icebreaker and Early Arrival Get-Together
Monday, June 22, 1998
08:00	-		On-Site Registration
09:00	-	10:30	Tutorial Track 1: Establishing an Incident Response Team (full day tutorial) Instructors: Sandy Sparks (CIAC), Kathy Fithen (CERT-CC), Marianne Swanson (NIST), Pat Zechman (SAIC)
09:00	-	10:30	Tutorial Track 2: Developments in Internet and Web Liability Internationally Instructor: William J. Cook (Brinks Hofer Gilson & Lione, Intellectual Property Attorneys)
10:30	-	11:00	Refreshment Break
11:00	-	12:00	Tutorial Track 1: Establishing an Incident Response Team (continued)
11:00	-	12:00	Tutorial Track 2: Computer Virus Operations and Detection David L. Crawford (Lawrence Livermore National Laboratory)
12:00	-	14:00	Lunch Break
14:00	-	15:30	Tutorial Track 1: Dealing with Law Enforcement Agencies Instructors: Stephen P. Heymann (Assistant United States Attorney), Steve Romig (Ohio State University), Peter Garza (Naval Criminal Investigative Service)
14:00	-	15:30	Tutorial Track 2: Computer Virus Operations and Detection (continued)
15:30	-	16:30	Refreshment Break
16:30	-	17:30	Tutorial Track 1: Dealing with Law Enforcement Agencies (continued)
16:30	-	17:30	Tutorial Track 2: Computer Virus Operations and Detection (continued)
Tuesday, June 23, 1998
08:00	-		On-Site Registration
09:00	-	09:30	Welcoming Remarks
09:30	-	10:30	Keynote Address Michael Vatis (Deputy Assistant Director, Chief of the National Infrastructure Protection Center)
10:30	-	11:00	Refreshment Break
11:00	-	12:00	FIRST Team Update Presentations Coordinator: Kathy Fithen (CERT/CC) and Klaus-Peter Kossakowski
12:00	-	14:00	Lunch Break
14:00	-	15:30	IRT Concepts Session Chair: Steve Romig (Ohio State University) Tackling the Infrastructure problem Author: Jeffrey J. Carpenter and Jed Pickel (CERT/CC) The Prospects of Incident Response Author: Suzana Stojakovic-Celustka (CARNet) A Model for Structural Organization of Computer Security Incident Handling Agencies Author: Ahmet Koltuksuz (Izmir Inst. of Technology)
15:30	-	16:30	Refreshment Break
16:30	-	17:30	PGP Keysigning Session Coordinator: Ahmet Koltuksuz (Izmir Inst. of Technology)
18:00	-	21:00	Conference Banquet
Wednesday, June 24, 1998
08:00	-		On-Site Registration
09:00	-	10:30	Security Tools Session Chair: Wietse Venema (IBM Watson Research) Proxy for Protection against hostile executable content Liane Tarouco & Marco Aurelio Bonato (University Federal of Rio Grande do Sul) A secure patch distribution service D. Bruschi, A. Cainarca, F. Contini, E. Rosti (CERT-IT) Development of Security On Demand Server for detecting Security Vulnerability Remotely Wang-sung Chun, Seok-chul Baek (Korea Telecom R&D center)
10:30	-	11:00	Refreshment Break
11:00	-	12:00	Hands on Experience with the State-of-the-Art Cryptographic Software (Workshop) Ahmet Koltuksuz (Izmir Inst. of Technology)
12:00	-	14:00	Lunch Break
14:00	-	15:30	Results from the Future of FIRST Task Force II: Future organisational structure of FIRST (Panel Session) Coordinator: Klaus-Peter Kossakowski For more information see the Task Force Page.
15:30	-	16:30	Refreshment Break
16:30	-	17:30	What Did That IT Incident Actually Cost? The IT Incident Cost Analysis Model and Findings (Workshop) Virginia Rezmierski, Stephen Deering, Amy Fazio (University of Michigan)
19:00	-	21:00	BoF (Birds of a Feather) Sessions Coordinator: Eric Halil (AUSCERT) See also the list of scheduled BoF sessions.
Thursday, June 25, 1998
08:00	-		On-Site Registration
09:00	-	10:30	How the Domain Name System (DNS) plays a role in incident response (Workshop) Jeffrey J. Carpenter (CERT/CC)
10:30	-	11:00	Refreshment Break
11:00	-	12:00	Internet Service Provider (ISP) Panel Coordinator: Kevin J. McMahon (MCI)
12:00	-	14:00	Lunch Break
14:00	-	17:30	FIRST General Meeting The general meeting agenda will be e-mailed to the FIRST Teams prior to the conference. Attendance and participation at the FIRST Steering Committee and General Meetings is limited to FIRST team members and their invited guests. Information about the Annual General Meeting is available on the AGM page.
Friday, June 26, 1998
09:00	-	10:30	IRT Operation and Coordiantion Session Chair: Fran Nielsen (NIST) Experiences of security incidents in Mexico Author: Israel Quiroz-Plata (National Autonomous University of Mexico) Moving towards the exchange of incident statistical data Author: Jeffrey J. Carpenter (CERT/CC) and Brian P. Dunphy (ASSIST) Risk assessment for Incident Response Teams Author: Viviani Paz (AUSCERT)
10:30	-	11:00	Refreshment Break
11:00	-	12:00	Ask the experts (Panel) Coordinator: Roger Safian (Northwestern University)
12:00	-	14:00	Lunch Break
14:00	-	15:30	Closing Session

The 10th Annual FIRST Conference and Workshop on Computer Security Incident Handling and Response

June 21 to June 26, 1998 Monterrey, Mexico

Schedule

Sunday, June 21, 1998

Monday, June 22, 1998

Tuesday, June 23, 1998

Wednesday, June 24, 1998

Thursday, June 25, 1998

Friday, June 26, 1998

The 10th Annual FIRST Conference and Workshop on
Computer Security Incident Handling and Response

June 21 to June 26, 1998
Monterrey, Mexico