What's New 2017

EUrope is in the course of introducing completely new legisaltion regulation privacy and data protection. Much of the data that CSIRTs use potentially is affected by this.

As the internet becomes imorteant in every more areas of our daily lifes ways need to be found to ensure resilience. The by far most important to achieve cyber resilience is collaboration across boarders.

Event to take place at the Prague Marriott on 6-8 December 2017

The Forum of Incident Response and Security Teams announces a training session on cyber security incident response for policymakers, policy analysts and government officials.

The FIRST tech team is re-working a lot of things behind the scenes. Some insights from the frontier.

Recent updates from the Board of Directors about recent activities and an outlook what we are currently working on.

For the longest time the growing Internet and digital communication was hailed as the path to a new and better world. But poorer countries where mostly left out from the benefits. Serge Droz writes about how FIRST delivers training in these regions.

More data records have been breached in the first six months of 2017 than the whole of 2016. The Gemalto Breach Level Index reports that this amounts to an astonishing 121 records lost or stolen every second of every day.

Please see details at: https://www.first.org/global/fellowship/

The Forum of Incident Response and Security Teams releases inaugural annual report, covering the scope of its activities from the 2016 conference in Seoul, through its 2017 annual event in Puerto Rico.

Memorandum of Understanding enables both organizations to benefit from each other’s programs to support computer security incident response teams (CSIRT) in the region.

The Forum of Incident Response and Security Teams announces the release of a set of guidelines and norms for vulnerability disclosure that affects multiple parties.

HostingAdvice — Laura Stamey of HostingAdvice published an article interviewing Board Members Serge Droz and Maarten Van Horenbeeck on their involvement in FIRST. It covers important initiatives, special interest groups, the Suguru Yamaguchi Fellowship Program, and how FIRST helps support a safer internet.

The FIRST Conference’s Keynote sessions concluded today with a presentation by Brian LaMacchia, Director of the Security & Cryptography group within Microsoft Research (MSR). In this department, his team conducts basic and applied research and advanced development.

Day four of the FIRST Conference began with a keynote presentation by Martijn de Hamer, the head of the National Cyber Security Operations Center (NCSOC) at the National Cyber Security Center (NCSC-NL) in the Netherlands. After having had various roles in the field of information security, de Hamer first started working for NCSC-NL (previously GOVCERT.NL) in 2005. Additionally, he is active in the field of CSIRT maturity and other aspects of CSIRT capacity building.

Day 3 of the FIRST Conference got started with keynote speaker Florian Egloff. Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled "Cybersecurity and non-state actors: a historical analogy with mercantile companies, privateers, and pirates."

The Forum of Incident Response and Security Teams signs Memorandums of Understanding with GÉANT and OIC-CERT to enhance collaboration.

The leading association of incident response and security teams released a draft of the Product Security Incident Response Teams (PSIRT) Services Framework for public input. This is a formal list of services a PSIRT may consider implementing to address the needs of their constituency. Public input is welcomed until August 31, 2017 via psirt-comments@first.org.

Day 2 of the FIRST Conference got started with keynote speaker Darren Bilby, a manager in Google’s Enterprise Infrastructure protection team, who is also a staff security engineer and self-described digital janitor. A 10-year veteran at Google, Bilby was the tech lead for Google’s Global Incident Response Team for six years, managed Google's European detection team in Zürich for two years and has also worked as a software engineer building out Google’s security tools. He was also the founder and a core developer of the open source GRR Incident Response project.

FIRST's Annual Conference kicked off on Monday morning, June 12th of 2017 with its opening keynote speaker, Facebook Chief Security Officer (CSO) Alex Stamos. As security lead for one of the world’s most noted companies, Stamos began his lecture with some of the biggest security challenges Facebook deals with.

The event offers conferences, keynote presentations and activities designed to maximize network opportunities and information exchanges on information security and incident response.

The Forum of Incident Response and Security Teams announces a public request for comments on a draft policy to guide cyber security standardization within its working groups.

The Forum of Incident Response and Security Teams has announced the release of an open training platform for cyber security incident response professionals.

Join the interview in progress! Martin chats with Alex Pinto, Chief Data Scientist at Niddel and lead of the MLSec Project on his upcoming presentation, “Beyond Matching: Applying Data Science Techniques to IOC-Based Detection.” Alex talks about the glamorous life of a data scientist and shares some of the key takeaways from his presentation. Alex presents on Monday, June 12 at 11:15-12:00.

Join the interview in progress featuring Ben Stock, post-doc researcher at CISPA, Saarland University as he discusses the highlights of his research regarding vulnerability notification. Ben and his colleague Christian Rossow, Professor of IT Security at CISPA, Saarland University will be presenting, “Hey, You Have a Problem: On the Feasibility of Large-Scale Web Vulnerability Notification,” on Tuesday, June 13th at 11:45-12:15.

El Nuevo Dia (Spanish) — El Nuevo Día writes about our announcement of holding the FIRST conference in San Juan, Puerto Rico. Over 700 security experts from 68 countries are expected to participate.

This will mark the first time that the information safety organization brings the conference to the island and the Caribbean region.

Join this week’s interview in progress as the guys talk TRUST. Lewis Philbey, Cyber-security Lead at Surevine shares his insight on issues that companies of all sizes face when sharing information. The guys also hit on some of the hurdles individuals new to the information security world face within group sharing and why organizations like FIRST exist to vet and foster trusted forums. Surevine is the official sponsor of the Sunday Ice Breaker Reception on June 11th. We’ll see you there!

The leading association of incident response and security teams released a new version of its CSIRT Services Framework. This is a formal list of services a Computer Security Incident Response Team (CSIRT) may consider implementing to address the needs of their constituency.

Join the interview in progress featuring seasoned forensic investigator, Chad Tilbury. Chad is currently the Technical Director at CrowdStrike and a Senior Instructor at the SANS Institute. Windows credentials are arguably the largest vulnerability affecting the modern enterprise. Martin, Chris, and Chad talk common attacks, mitigation techniques, best practices, and what to attendees can expect to take away from Chad's workshop. Chad presents Monday, June 12 from 11:15-12:45 at the 29th Annual FIRST Conference at the Caribe Hilton, San Juan, Puerto Rico.

May 19th, 2017 - The Forum of Incident Response and Security Teams, Inc. (FIRST) today publishes an update to its CSIRT Services Framework. This is an important milestone on the way to a complete and consistent description of services provided CSIRTs. The new CSIRT Services Framework Version 1.1 (PDF) enhances the original version published last year.

Join the interview in progress! FIRST's official podcast team, Martin McKeay and Chris John Riley, are back! Martin and Chris kick off this year's series with FIRST Board of Director and 2017 Conference Liaison, Derrick Scholl. Amazing programming and new opportunities are abundant this year. Find out more about how you can make the most of your time at the 29th Annual FIRST Conference and what NOT to miss out.

The leading association of incident response and security teams publishes its repository of twenty years of incident response learnings.

In addition to the main conference programming, additional pre and post conference programming is now available for review. Please be sure to review as additional registration may be required for certain events/meetings.

Standard registration rates for both members and non-members expires on Wednesday, April 26th — submit your registration today before the late rate kicks in. Learn more about conference registration here.

Memorandum of Understanding enables organizations to improve international cooperation on developing standards for cybersecurity.

The working draft of the 29th Annual FIRST Conference agenda has been posted. Please note that the agenda will be undergoing modifications over the next few weeks as we confirm our speakers. For any specific scheduling questions, please contact the planning team at first-2017@first.org.

The FIRST Board of Directors recognizes and shares the concerns of members and event attendees about recent changes in US immigration policy. We believe global participation is a prerequisite to developing strong and successful responses to internet security issues.

The comment period for the "Guidelines and Practices for Multi-Party Vulnerability Coordination", published by the Vulnerability Coordination SIG, was extended to February 28th, 2017. FIRST invites anyone with an interest in this area to review the current draft, available from https://www.first.org/global/sigs/vulnerability-coordination/multiparty, and provide comments for consideration.