FIRST Overview. [PDF]

FIRST Overview Jean Robert Hountomey FIRST Liaison

About FIRST (www.first.org)

Forum of Incident Response and Security Teams Founded in 1990 after the first CERT was formed as a result of the Internet worm. Today, FIRST is comprised of over 280 members in nearly 50 countries

VISION FIRST is a premier organization and recognized global leader in incident response. Membership in FIRST enables incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams. FIRST.Org, Inc. All rights reserved.

2

FIRST – A Global Community

FIRST.Org, Inc. All rights reserved.

3

FIRST Mission Statement FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.

FIRST members develop and share technical information, tools, methodologies, processes and best practices FIRST encourages and promotes the development of quality security products, policies & services FIRST develops and promulgates best computer security practices FIRST promotes the creation and expansion of Incident Response teams and membership from organizations from around the world FIRST members use their combined knowledge, skills and experience to promote a safer and more secure global electronic environment.


4

FIRST Steering Committee FIRST SC Members are elected by the membership at their Annual General Meeting to serve 2 year terms. Half of the SC is up for re-election each year. – – – – – – – – – –

Chris Gibson, Citi CIRT, UK (Chair) Steve Adegbite, Lockheed Martin, US Cristine Hoepers, CERT.br, BR Pete Allor, IBM, USA (CFO) Suguru Yamaguchi, JPCERT/CC, JP Margrete Raaum, Univ of Oslo, NO Derrick Scholl, Juniper, US Maarten Van Horenbeeck, Google, US Robert Schischka, CERT.at, AT Ken van Wyk, KRvW Associates, US


5

Why Teams Join FIRST TO GET ACCESS TO A WORLDWIDE COMMUNITY OF LIKE-MINDED EXPERTS By working together through FIRST’s network, each incident response and security team assists other teams and pools expertise to coordinate the most effective response, providing fast, global solutions. IT’S A TRUSTED FORUM FIRST provides an internationally trusted forum for confidential interactions among incident response and security teams. Interactive assistance is available either on a team-to-team basis (through introductions to teams) or by using the FIRST’s infrastructure to share information among all members via secure channels


6

FIRST Annual Conference 16-21 June 2013 in Bangkok The conference provides a forum for sharing goals, ideas, information, and information on how to improve global computer security. The five-day event includes: • Learn the latest security strategies in incident management • Increase your knowledge and technical insight about security problems and solutions • Keep up-to-date with the latest incident response and prevention techniques • Gain insight on analyzing network vulnerabilities • Hear how the industry experts manage their security issues • Interact and network with colleagues from around the world to exchange ideas and advice on incident response • Earn up to 26 CPEs credits towards professional certifications • Sponsorship opportunities to reach our global audience Who attends? • Technical staff who determine security product requirements and implement solutions • Policy and decision makers with overall security responsibility • Law enforcement staff who are involved in investigating cyber crimes • Legal counsel who work with policy and decision makers in establishing security policies • Senior managers directly charged with protecting their infrastructure • Government managers and senior executives who are responsible for protecting systems and critical infrastructures FIRST.Org, Inc. All rights reserved.

7

More FIRST has to offer: FIRST SYMPOSIA and TECHNICAL COLLOQUIA •Regional events around world throughout the year •Exclusive discussion forum & training for FIRST member teams BEST PRACTICES, PRESENTATIONS & PODCASTS •Improve communication •Form alliances with peer teams •Exchange ideas and best practices •Download resources for your in-house training and CERT team start-up resources. COMMUNICATIONS AND DISCUSSION LISTS •Keep abreast of the latest intelligence about security incidents •Read and share experiences •Become part of a group where you can post your questions and concerns FIRST.Org, Inc. All rights reserved.

8

Committees & Special Interest Groups FIRST Committees: – – –

Educational Committee Conference Program Committee Membership Committee

SIGS include: * Common Vulnerability Scoring System (CVSS-SIG) * Internet Infrastructure Vendors (Vendor SIG) * Law Enforcement/CSIRT Cooperation (LECC-SIG) * Malware Analysis SIG (MA-SIG) * Metrics SIG


9

FIRST Liaison Activities with ITU and ISO FIRST established a liaison relationship with ISO/IEC JTC 1/SC 27 in 2009 FIRST became a sector member of ITU-T and ITU-D in 2009 In ISO, FIRST actively drives work on: *) ISO 29147 - Vulnerability Disclosure *) ISO 27037 - Evidence Acquisition Procedure for Digital Forensics with contributions to ISO 27035 - Information Security Incident Management In ITU-T, FIRST is contributing to X.1500 recommendation (Cybex) and maintain CVSS which will become ITU-T recommendation X.1521 (part of the Cybex). FIRST is also in the process of investigating how to co-operate with ITU-D


10

FIRST Membership 1.Applicants identify two Full FIRST members to sponsor their application 2.Applicants fill out the membership application form that can be found online at www.first.org. 3.Write an application letter stating that you want to join FIRST, and outlining the benefits you can bring to the organization. 4.One of your sponsors must conduct a site visit and submit a report. 5.Both sponsors write a letter introducing and recommending the applying team for FIRST full membership. 6.Sponsors must also sign the applying team rep PGP key and team key. 7.Both of the sponsors submit the entire application package to FIRST. 8.FIRST will review the application and forward to the FIRST Membership Committee (MC) for review and approval. If there are questions, your team will be contacted by the MC. 9.The whole application is posted for FIRST member feedback and the FIRST Steering Committee has final approval. Once accepted, you will be notified by the SC Chair and sent a dues invoice –$800 USD application fee and $2000 USD in Annual Dues for 2013.


11

Fellowship program • Offers FIRST membership support for countries on the UN Least Developed Country (LDC) list • Covers support over six years – – – –

Lodging for conference Conference fees Membership fee Decreases partially each year, goal is for team to become self-sufficient member

• Team is assigned a FIRST mentor


12

Fellowship program • Application process: – – –

Team must have national coordination role for a category of networks (industry, government, …) Team must be headquartered in an LDC, or have responsibility for incident handling in an LDC Apply with: ● ● ●

Motivation letter Application form Contact [email protected] if interested!

• Intake until December 31st for 2014 conference http://www.first.org/global/fellowship FIRST.Org, Inc. All rights reserved.

13

For more information contact: www.first.org

Chair, Chris Gibson [email protected] FIRST Secretariat [email protected]


14