Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Forum of Incident Response and Security Teams (FIRST)

Published byMillicent Adams Modified over 5 years ago

Similar presentations

Presentation on theme: "The Forum of Incident Response and Security Teams (FIRST)"— Presentation transcript:

1 The Forum of Incident Response and Security Teams (FIRST)
Strengthening Community of Incident Response and Security Teams Adli Wahid The Forum of Incident Response and Security Teams (FIRST)

2 Agenda FIRST Community Overview of projects and initiatives

3 Internet of Things Communities

4 Who are we? Association of Incident Response and Security Teams
Founded in 1989 We enable incident responders To engage with their peers To have a shared understanding of security problems By developing technologies and standards 4

5 FIRST – A Global Community
Global FIRST membership 387 teams in 83 countries FIRST – A Global Community Note to Presenter: You can obtain the latest map / stats here - Today, FIRST is comprised of over 300 members in 70 countries. 5 5

6 Fellowship Program FIRST funds participation by up to four new teams each year Open to CSIRT with some level of national responsibility Over five years of Fellowship program participation, we subsidize participation in the conference and organization. Subsidies decrease annually, from near total funding in the first year through to no subsidies by the end of the six year period. 7 7

7 FIRST as an organization
Led by a 10-person Board of Directors, elected by Members No headquarters, but secretariat in Chicago 501c3 non-profit incorporated in the United States Funded primarily through membership fees 8

8 Events Conference Symposium Technical Colloquium Flagship event
Once per year, travels between regions ~ attendees Conference Organized by individual members National or regional event Typically events per year Technical Colloquium Four per year Typically in each major region (Africa, Europe, Latin America, Asia) Hosted by FIRST and often a partner Symposium

9 Global events Events

10 Training and Education
FIRST maintains a CSIRT and PSIRT Services Framework Details all services typically offered by CSIRT Offers a roadmap and guide for CSIRT as they expand capability FIRST develops training for individual services CSIRT Fundamentals, Incident Coordination, Information Sources All materials are Creative Commons licensed and available for free FIRST delivers training with partners and at events Roster of trainer-practitioners

11 Special Interest Groups
Convene members around topics of common interest Often have a formal charter, timeline and deliverables Types of SIGs: Working groups: Big Data, Ethics, Red Team Standards groups: CVSS, IEP, TLP, Passive DNS exchange Discussion groups: Vendors, Metrics, Industrial Control Systems Bird of a Feather session: legal issues, specific temporary topics

12 Standards IEP Passive TLP DNS Passive DNS Traffic Light Protocol
Scoring system for software vulnerabilities Allows integration of environmental factors Interactive training Common Vulnerability Scoring System Traffic Light Protocol Information Exchange Protocol Passive DNS IEP Enable easier sharing of passive DNS information Standard contributed to the IETF Allows data senders to encode how information may be distributed Focused on human sharing, simple to use More fine grained specification of Handling, Action, Sharing and Licensing policies Focused on machine sharing (JSON) Passive DNS TLP

13 Technical resources Membership database
A FIRST member database with contact information for incident responders at other members. Including PGP keys. Poll information on other members using a public API. Share machine-parseable incident descriptions with members using the MISP platform. Immediate communications channels with other FIRST members. Membership database FIRST Incident Response Team API Malware Information Sharing Platform Mailing lists and IRC

14 Internet Governance and Policy
Be a trusted security expert to the policy community FIRST regularly participates in policy forums, such as the Internet Governance Forum, Global Conference on Cyberspace to educate policy makers on incident response Lead experts to the IGF Best Practices Forum on Cybersecurity Help develop technology expertise and capability

15 Partners Partners share our vision of a strong incident response community

16 Conclusion Internet of Communities
Needs capacity and capabilities everywhere Proactive - CSIRT of the “last resort” Capacity Building is not just training Challenges & Strength We need your help! Tonga CERT

17 Twitter: @firstdotorg
Questions? 18

Download ppt "The Forum of Incident Response and Security Teams (FIRST)"

Similar presentations

ClimDev-Africa Program & African Climate Policy Center (ACPC)

ClimDev-Africa Program & African Climate Policy Center (ACPC)
International Telecommunication Union ITU-D Overview.

International Telecommunication Union ITU-D Overview.
High level expert meeting to develop the Near East Regional Action Plan to Implement the Global Strategy to improve Agricultural and Rural Statistics.

High level expert meeting to develop the Near East Regional Action Plan to Implement the Global Strategy to improve Agricultural and Rural Statistics.
Great Lakes Regional Pollution Prevention Roundtable An Overview of Services and Resources

Great Lakes Regional Pollution Prevention Roundtable An Overview of Services and Resources
What is itSMF Macedonia?  Non-profit organization affiliated to the itSMF International.  Established as a forum for: – IT service/product providers,

What is itSMF Macedonia?  Non-profit organization affiliated to the itSMF International.  Established as a forum for: – IT service/product providers,
Behind the FIRST Rob Floodeen (Dell SecureWorks), Alex Jaeger (BASF), Michael Dwucet (CERT-Bund), John Kristoff (Team Cymru)

Behind the FIRST Rob Floodeen (Dell SecureWorks), Alex Jaeger (BASF), Michael Dwucet (CERT-Bund), John Kristoff (Team Cymru)
Global Forum for Rural Advisory Services Space for Advocacy and Leadership on RAS 16-Aug-15 1 Presentation: What does GFRAS do?

Global Forum for Rural Advisory Services Space for Advocacy and Leadership on RAS 16-Aug-15 1 Presentation: What does GFRAS do?
APCERT : APNIC Meeting 2014’ International Collaboration for Regional Cybersecurity Risk Reduction - APCERT Collaboration with Stakeholders Yurie Ito Chair,

APCERT : APNIC Meeting 2014’ International Collaboration for Regional Cybersecurity Risk Reduction - APCERT Collaboration with Stakeholders Yurie Ito Chair,
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.
Www.issa.org1. 2 Overview With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA)

2 Overview With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA)
Supported by The Global Forum on Food Security and Nutrition an overview by Mauricio Rosales www.fao.org/fsnforum.

Supported by The Global Forum on Food Security and Nutrition an overview by Mauricio Rosales
Day 4-2 Inter-Network Cooperation 4-2.inter-network-cooperation 1 Cooperation and Coordination community, sharing, incident response, trust.

Day 4-2 Inter-Network Cooperation 4-2.inter-network-cooperation 1 Cooperation and Coordination community, sharing, incident response, trust.
Ggim.un.org. The United Nations initiative on Global Geospatial Information Management A formal mechanism under UN protocol to discuss, enhance and coordinate.

Ggim.un.org. The United Nations initiative on Global Geospatial Information Management A formal mechanism under UN protocol to discuss, enhance and coordinate.
Presentation to North Carolina State Board of Education Global Education Task Force March 14, 2012  Adam Hartzell, Executive Director  Matt Friedrick,

Presentation to North Carolina State Board of Education Global Education Task Force March 14, 2012  Adam Hartzell, Executive Director  Matt Friedrick,
The Internet Society (ISOC) Sebastián Bellagamba Manager – Regional Bureau for Latin America and the Caribbean

The Internet Society (ISOC) Sebastián Bellagamba Manager – Regional Bureau for Latin America and the Caribbean
The Next Stage for Results in Africa. Context 2005 Paris Declaration on Aid Effectiveness 2006 Mutual Learning Events Uganda & Burkina Faso 2007 Hanoi.

The Next Stage for Results in Africa. Context 2005 Paris Declaration on Aid Effectiveness 2006 Mutual Learning Events Uganda & Burkina Faso 2007 Hanoi.
1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.
The Practices of CERT -- Building National Computer Network Emergency Response Capability Mingqi CHEN CNCERT/CC APCERT 2005-1- 28 APAN Bangkok.

The Practices of CERT -- Building National Computer Network Emergency Response Capability Mingqi CHEN CNCERT/CC APCERT APAN Bangkok.
Issue Date: Revision: APNIC Outreach Activities in Cyber Security Adli Wahid Security Specialist

Issue Date: Revision: APNIC Outreach Activities in Cyber Security Adli Wahid Security Specialist
APCERT Dr. Suguru Yamaguchi JPCERT/CC. What’s APCERT? “Asia Pacific Computer Emergency Response Team” –Regional forum of CSIRT in Asia Pacific –Established.

APCERT Dr. Suguru Yamaguchi JPCERT/CC. What’s APCERT? “Asia Pacific Computer Emergency Response Team” –Regional forum of CSIRT in Asia Pacific –Established.

Similar presentations

Ads by Google