Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Forum of Incident Response and Security Teams (FIRST)

Published byAngel Parrish Modified over 5 years ago

Similar presentations

Presentation on theme: "The Forum of Incident Response and Security Teams (FIRST)"— Presentation transcript:

1 The Forum of Incident Response and Security Teams (FIRST)

2 Who are we? Association of Incident Response and Security Teams
Founded in 1989 We enable incident responders To engage with their peers To have a shared understanding of security problems By developing technologies and standards 2

3 Global FIRST membership 409 teams in 84 countries
Note to Presenter: You can obtain the latest map / stats here - Today, FIRST is comprised of over 300 members in 70 countries. 3 3

4 Membership

5 Membership application process
05 04 03 02 01 IDENTIFY TWO SPONSORS Contact the FIRST Secretariat, and identify a primary and secondary sponsor among existing membership SITE VISIT Have the primary sponsor perform a site visit to assess CSIRT maturity SUBMIT APPLICATION File application forms Have PGP keys signed Obtain letters of support from sponsors FIRST MEMBER REVIEW Application is sent to members Members provide input Any concerns are addressed BOARD APPROVAL FIRST Board approves Pay membership fee

6 Fellowship Program FIRST funds participation by up to four new teams each year Open to CSIRT with some level of national responsibility Over five years of Fellowship program participation, we subsidize participation in the conference and organization. Subsidies decrease annually, from near total funding in the first year through to no subsidies by the end of the six year period. 6 6

7 FIRST as an organization
Led by a 10-person Board of Directors, elected by Members No headquarters, but secretariat in Chicago 501c3 non-profit incorporated in the United States Funded primarily through membership fees 7

8 Events Conference Symposium Technical Colloquium Flagship event
Once per year, travels between regions ~ attendees Conference Organized by individual members National or regional event Typically events per year Technical Colloquium Four per year Typically in each major region (Africa, Europe, Latin America, Asia) Hosted by FIRST and often a partner Symposium

9 Global events 2017 Events

10 Training and Education
FIRST maintains a CSIRT and PSIRT Services Framework Details all services typically offered by CSIRT Offers a roadmap and guide for CSIRT as they expand capability FIRST develops training for individual services CSIRT Fundamentals, Incident Coordination, Information Sources All materials are Creative Commons licensed and available for free FIRST delivers training with partners and at events Roster of trainer-practitioners

11 Special Interest Groups
Convene members around topics of common interest Often have a formal charter, timeline and deliverables Types of SIGs: Working groups: Big Data, Ethics, Red Team Standards groups: CVSS, IEP, TLP, Passive DNS exchange Discussion groups: Vendors, Metrics, Industrial Control Systems Bird of a Feather session: legal issues, specific temporary topics

12 Standards IEP Passive TLP DNS Passive DNS Traffic Light Protocol
Scoring system for software vulnerabilities Allows integration of environmental factors Interactive training Common Vulnerability Scoring System Traffic Light Protocol Information Exchange Protocol Passive DNS IEP Enable easier sharing of passive DNS information Standard contributed to the IETF Allows data senders to encode how information may be distributed Focused on human sharing, simple to use More fine grained specification of Handling, Action, Sharing and Licensing policies Focused on machine sharing (JSON) Passive DNS TLP

13 Technical resources Membership database
A FIRST member database with contact information for incident responders at other members. Including PGP keys. Poll information on other members using a public API. Share machine-parseable incident descriptions with members using the MISP platform. Immediate communications channels with other FIRST members. Membership database FIRST Incident Response Team API Malware Information Sharing Platform Mailing lists and IRC

14 Internet Governance and Policy
Be a trusted security expert to the policy community FIRST regularly participates in policy forums, such as the Internet Governance Forum, Global Conference on Cyberspace to educate policy makers on incident response Lead experts to the IGF Best Practices Forum on Cybersecurity Help develop technology expertise and capability

15 Partners Partners share our vision of a strong incident response community

16 Questions? 16

Download ppt "The Forum of Incident Response and Security Teams (FIRST)"

Similar presentations

1 How to Start a Local User Group... and Keep It Going!

1 How to Start a Local User Group... and Keep It Going!
ClimDev-Africa Program & African Climate Policy Center (ACPC)

ClimDev-Africa Program & African Climate Policy Center (ACPC)
High level expert meeting to develop the Near East Regional Action Plan to Implement the Global Strategy to improve Agricultural and Rural Statistics.

High level expert meeting to develop the Near East Regional Action Plan to Implement the Global Strategy to improve Agricultural and Rural Statistics.
DR MACIEJ JUNKIERT PRACOWNIA BADAŃ NAD TRADYCJĄ EUROPEJSKĄ Guide for Applicants.

DR MACIEJ JUNKIERT PRACOWNIA BADAŃ NAD TRADYCJĄ EUROPEJSKĄ Guide for Applicants.
Great Lakes Regional Pollution Prevention Roundtable An Overview of Services and Resources

Great Lakes Regional Pollution Prevention Roundtable An Overview of Services and Resources
What is itSMF Macedonia?  Non-profit organization affiliated to the itSMF International.  Established as a forum for: – IT service/product providers,

What is itSMF Macedonia?  Non-profit organization affiliated to the itSMF International.  Established as a forum for: – IT service/product providers,
ASUG’s Roadmap to Influence QM Session. What Influence used to be... Submit written development requests to ASUG ASUG spent considerable resources organizing.

ASUG’s Roadmap to Influence QM Session. What Influence used to be... Submit written development requests to ASUG ASUG spent considerable resources organizing.
Behind the FIRST Rob Floodeen (Dell SecureWorks), Alex Jaeger (BASF), Michael Dwucet (CERT-Bund), John Kristoff (Team Cymru)

Behind the FIRST Rob Floodeen (Dell SecureWorks), Alex Jaeger (BASF), Michael Dwucet (CERT-Bund), John Kristoff (Team Cymru)
CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.

CCIRN meeting, Cairns, 3 July 2004 Computer security co-operation in Europe Karel Vietsch Based on materials provided by TERENA TF-CSIRT.
Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey

Members Meeting WINGSForum 2014 March 29, 2014 Istanbul, Turkey
“ Building a Global Community” ONCE Global Summit 2005 May 4 – 6, 2205 Milan, Italy Hosted by i-Faber (www.1City.biz) Sponsored by:

“ Building a Global Community” ONCE Global Summit 2005 May 4 – 6, 2205 Milan, Italy Hosted by i-Faber ( Sponsored by:
Www.issa.org1. 2 Overview With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA)

2 Overview With active participation from individuals and chapters all over the world, the Information Systems Security Association (ISSA)
Supported by The Global Forum on Food Security and Nutrition an overview by Mauricio Rosales www.fao.org/fsnforum.

Supported by The Global Forum on Food Security and Nutrition an overview by Mauricio Rosales
Day 4-2 Inter-Network Cooperation 4-2.inter-network-cooperation 1 Cooperation and Coordination community, sharing, incident response, trust.

Day 4-2 Inter-Network Cooperation 4-2.inter-network-cooperation 1 Cooperation and Coordination community, sharing, incident response, trust.
Introduction to PSMO Process Safety Management for Operations.

Introduction to PSMO Process Safety Management for Operations.
A New Start for EUTO Redruth, 29 September 2012 Henk Schüller.

A New Start for EUTO Redruth, 29 September 2012 Henk Schüller.
Ggim.un.org. The United Nations initiative on Global Geospatial Information Management A formal mechanism under UN protocol to discuss, enhance and coordinate.

Ggim.un.org. The United Nations initiative on Global Geospatial Information Management A formal mechanism under UN protocol to discuss, enhance and coordinate.
Discussion on HTASC Future Tobias Haas XV HTASC 3 October, 2003 CERN.

Discussion on HTASC Future Tobias Haas XV HTASC 3 October, 2003 CERN.
Besides learning how the JCI information system works, you will receive essential details on how to manage the database center application, as well as.

Besides learning how the JCI information system works, you will receive essential details on how to manage the database center application, as well as.
Www.issa-be.org1. ISSA-BE Presentation Toon Mordijck Vice President ISSA-BE 14 September 2006.

ISSA-BE Presentation Toon Mordijck Vice President ISSA-BE 14 September 2006.

Similar presentations

Ads by Google