Additional Programming

NatCSIRT 2016
11th Annual Technical Meeting for CSIRTs with National Responsibility

Is your organization responsible for protecting the security of nations, economies, and critical infrastructures? If so, attend NatCSIRT 2016 to discuss with your peers the unique challenges you face every day. You will drive discussions that focus on current issues, tools, and methods relevant to the National CSIRT community. This year’s meeting is co-located with the 28th Annual FIRST Conference in Seoul, South Korea. This meeting is by invitation only and more information can be found at www.cert.org/natcsirt.

FIRST Training

Register via https://registration.first.org/registration/2016/training-seoul

FIRST is offering the following training courses on Sunday, 12 June. These introductory (Beginner Level) courses are intended for new teams or organizations that wish to start a CSIRT Team. You can review the course descriptions below and all registrants will be sent a link to review and download the course materials in advance. There is no cost to attend – however, registering and not showing, may result in a cancellation of your conference participation. So please be sure to review the subject matter and notify us if there is a change in your anticipated attendance.

Studio 4 Studio 5 Studio 8
08:00 – 12:30

Module 1: CSIRT Fundamentals

Module 2: Starting with a CSIRT

Module 3: CSIRT Operation

13:30 – 18:00

Module 4: Working with Information Sources

Module 5: Incident Coordination

Module 6: CSIRT Performance Measurement

Module Descriptions

Prerequisites: None

Module 1: CSIRT Fundamentals
This module examines what incident management is and how it fits into various frameworks, defines what a CSIRT is and its role in incident management, and steps through organizational planning issues around creation of a CSIRT.
Module 2: Starting with a CSIRT
This module walks through how CSIRT leaders and managers would set up and manage a newly created CSIRT. It covers both the external processes of meeting the needs of stakeholders and community and the internal processes of policies, configuration, and planning.
Module 3: CSIRT Operation
This module steps through the incident management process in detail, including how to improve incident handling techniques, and also steps through best practices for publishing communications about incidents, working with the media, and testing and verifying incident management processes.
Module 4: Working with Information Sources
This module steps through how to work with information sources to gather critical information, including open-source intelligence and proprietary intelligence. It also examines processes for information exchange.
Module 5: Incident Coordination
This module focuses on how to handle major security events and coordinate incident responses with external entities such as vendors, law enforcement, and various types of organizations.
Module 6: CSIRT Performance Measurement
This module establishes methods to measure and improve the effectiveness of a CSIRT by using performance analysis and maturity models.

Trainer Training - How to become a better trainer and presenter! By Don Stikvoort (MSc CTNLP, NL)

Don Stikvoort has 30 year’s work experience, was one of Europe’s Internet pioneers, “founding father” of 8 cyber incident response teams and originator of the European cooperation in this area. Don has been a FIRST member since 1992. Also, he is an executive coach and certified master trainer - training people in the areas of NLP, hypnotherapy, communication and presentation. In this post-conference session on Friday, Don will provide insight on how to become a more effective trainer and presenter.

Friday, 17 June from 10:15 to 17:15. They will be a 2 hour break for closing remarks and lunch.

Space is limited (no fee to attend) and pre-registration required at https://registration.first.org/registration/2016/t3-seoul