13th Annual Computer Security
Incident Handling Conference
 
Congress Center Pierre Baudis, Toulouse, France
June 1722, 2001
Conference Program
 

Conference Program
Sunday
14h00-18h00 : On-site Registration
19h00-21h00: Ice Breaker Welcome Reception
Monday
7h00-18h00 : On-site Registration
9h00-12h30 : Tutorial
Byron Collie 
(Wells Fargo Services Company)
Legal and Operational Issues affecting Evidence Preservation and Recovery in Intrusion Cases
9h00-12h30 : Tutorial 
Robin M. Ruefle 
(CERT/CC)
Creating a Computer Security Incident Response Team
12h30-14h00 : Lunch Break
14h00-17h30: Tutorial
Byron Collie
(Wells Fargo Services Company)
Legal and Operational Issues affecting Evidence Preservation and Recovery in Intrusion Cases
14h00-17h30: Tutorial
Robin M. Ruefle
(CERT/CC)
Creating a Computer Security Incident Response Team
Tuesday
7h00-18h00 : On-site Registration
9h00-12h30: Tutorial
Christine M. Orshesky
(IFsec)
Investigating Malware Incidents
9h00-12h30: Tutorial
Douglas W. Barbin
and
Rob Hanson

(Guardent)
Incident Management and Forensics in the 21rst Century
9h00-12h30: Tutorial
Dan Garrett 
(Emerging Technologies Group)
Recovering Malicious User Activity
12h30-14h00 : Lunch Break
14h00-16h00: Tutorial
Christine M. Orshesky
(IFsec)
Investigating Malware Incidents
14h00-16h00: Tutorial
Elizabeth Siemers
(Guardent)
NOSC's: The Good, The Bad & The Ugly
14h00-16h00: Tutorial
Dan Garrett 
(Emerging Technologies Group)
Recovering Malicious User Activity
16h00-16h30 : Break
16h30-17h30 : Hot Topics Session
HTS Coordinator : Hervé Schauer (Hervé Schauer Consultants)
17h45-20h00 : BOF Sessions
BoF Coordinator : Gordon Steele (Para-Protect)
Wednesday
7h00-18h00 : On-site Registration
9h00-9h20: Opening Remarks
Steering Committee Chair + Program Chair + Logistic Chair
9h20-10h30: Keynote Address
  • Henri Serres: Central Directorate of Information Systems Security (SGDN/DCSSI)
  • Danny de Temmerman : European Commission DG Information Society
10h30-11h00 : Break
11h00-12h30 : CSIRT Operations Session
Session Chair: Andrew Cormack, JANET-CERT
  • Jimmy Arvidsson (Telia), Incident Organization and Security Incident Handling
  • Marko Laakso (University of Oulu), Introducing constructive vulnerability disclosures
  • David Bratzer (Zero-Knowledge Systems), Experience with Abuse Management in Privacy-Enhancing Systems
12h30-14h00 : Lunch Break
14h00-15h30 : DoS Session
Session Chair: Kevin Houle, CERT/CC
  • David Harmelin (Dante), DoS attacks on transit networks
  • Rob Thomas, What NOT To Do During a DdoS Attack 
15h00-15h30 : Break
15h30-17h: CSIRT Cooperation Session
Session Chair: Jacques Schuurman, CERT-NL
  • Gorazd Bozic (SI-CERT), Collaboration of European Computer Security and Incident Response Teams
  • Don Stikvoort (Stelvio), The Trusted Introducer Service
  • Teams Update Panel, Klaus-Peter Kossakowski 
19h-2h : Conference Dinner
Thursday
7h00-18h00 : On-site Registration
9h00-10h30 : Pro-Active CSIRT tools Session
Session Chair: Claudia Natanson, BTCERTCC
  • HyunWoo Lee (CERTCC-KR), Experiences with National Wide Scan Detect Systems
  • Philippe Bourcier (CyberAbuse), The CyberAbuse Project
  • Mark McPherson (AusCERT), Automated incident report processing and cross correlation of probe and scan information
10h30-11h00 : Break
11h00-12h30: Panel Discussion
The CSIRT model in the real world
Panel Chair: Klaus-Peter Kossakowski
Members of the panel: 
  • Thierry Van der Pyl (European Commission)
  • Jorgen Bo Madsen
  • Andrew Cormack (JANET-CERT) 
  • Kathy Fithen (PricewaterhouseCoopers)
  • Mark McPherson (AusCERT)
12h30-14h00 : Lunch Break
14h00-15h00 : Intrusion Detection Session
Session Chair: Hironobu Suzuki, JPCERT/CC
  • Takefumi Onabuta (Japanese IT Promotion Agency), A Protection Mechanism for an Intrusion Detection System Based on Mandatory Access Control
  • James J. Yuill (North Carolina State University), Intrusion-Detection for Incident-Response, using a military battlefield-intelligence process
15h00-15h30 : Break
15h30-18h: Annual General Meeting
Attendance and participation at the FIRST Steering Committee and General Meetings is limited to FIRST team members and their invited guests, subject to approval by the Steering Committee. 
Information about the Annual General Meeting is available on the AGM page.
Friday
7h00-15h45 : On-site Registration
9h-9h45: Keynote Speech
Isabelle Tisserand (XP Conseil), Human factor in firm security policy
9h45-10h45: Secure Practices Session
Session Chair: Stephen Hansen, Stanford University
  • Anne Bennett (Concordia University), Securing web-based applications with hole-in-the-chroot
  • Franck Veysset (Intranode), OS Fingerprinting
10h45-11h15 : Break
11h15-12h30 :"Ask the experts" panel
Moderator: Roger Safian (Northwestern University)
12h30-14h00 : Lunch Break
14h00-15h30: Post-Mortem Analysis session
Session Chair: Don Stikvoort, Stelvio
  • Philippe Bourgeois (CERT-IST), Over disk analysis hurdles
  • Wietse Venema (IBM), Indestructible Information
15h30-15h45 : Closing Remarks
Steering Committee Chair + Program Chair + Logistic Chair