14th Annual Computer Security
Incident Handling Conference
Hilton Waikoloa Village, Hawaii
June 24-28, 2002

Call for Papers


The conference

Tutorial submission

Panel submission

Paper submission

Selection process

Important dates


Program committee

Submission form


The Forum of Incident Response and Security Teams (FIRST, is a global organization whose aim is to facilitate the sharing of security-related information and to foster cooperation in the effective prevention, detection, and recovery from computer security incidents. Its members are CSIRTs (Computer Security Incident Response Teams) from government, commercial, academic, and other environments.

The FIRST conference ( brings together IT managers, system and network administrators, security specialists, academics, security solutions vendors, CSIRT personnel and anyone interested in

  • the most advanced techniques in detecting and responding to computer security incidents
  • the latest improvements in computer security tools, methodologies, and practice
  • sharing their views and experiences with those in the computer security incident response field

The Conference

The conference is a five day event, comprising two days of tutorials and three days of technical sessions which include refereed paper presentations, invited talks, and panel discussions.

The conference will discuss the most recent practical issues in computer and network security, focusing on incident response.

The program committee solicits original contributions on the following topics:

  • Incident Response
    Specific Incidents:
    • large computer virus outbreaks
    • Distributed Denial-of-Service (DDOS) attacks
    • Privacy and Intellectual Property incidents
    • insider incident response
    General Issues:
    • intrusion detection, analysis, and response automation
    • collecting evidence
    • computer and network forensics

  • CSIRT Operation and Tools
    • CSIRT Best Practices
    • automation of CSIRT operations
    • informing customers of new security threats (vulnerabilities, exploitation tools, viruses, etc.)
    • vulnerability analysis and advisory process
    • drafting incident response and security policies
    • experience with security tools, both commercial and free, both experimental and stable
    • new approaches to attack analysis
    • OS-specific log analysis tools
    • multi-source intrusion detection analysis

  • Response Team Cooperation and Legal Issues
    • coordinating international incident handling
    • trust relationships in incident response
    • international legal and liability in incident response
    • dealing with black hats

  • New Technologies, New Vulnerabilities
    • impact of new technologies (IPSEC and others) on incident response
    • vulnerabilities in WAP enabled web applications
    • vulnerabilities in PDA and Pocket PC's
    • forensics on wireless devices
    • experiences with deploying VoIP
    • commercial shopping and banking systems

  • Other Topics
    • competition, espionage, and information warfare
    • secure system and network administration
    • secure programming techniques and practices
    • Internet service providers and security
    • intruder profiling
    • outsourcing security -- managed security services

Tutorial Submission

Three tutorial tracks are planned:

  • The first track is oriented toward IT managers and will deal with topics such as drafting security policies incorporating policies for incident response, computer forensics, setting up security infrastructures, etc.

  • The second track is oriented toward technical staff and will provide in-depth information on security tools, designing security architectures, intrusion detection and monitoring tools, web security, etc. - in particular COMPUTER FORENSICS is a special interest topic this year.

  • The third track is tailored for people interested in building and organizing an incident response team or related services like security advisories, vulnerability analysis, etc.

Proposals are solicited from experts interested in giving a tutorial. Tutorials may be half or full day in length and can cover topics either at an introductory or advanced level.

All tutorial submissions will be handled electronically. Authors should email the completed submission form (attached below) to

Individuals interested in submitting tutorial proposals are encouraged to contact the program chair before the deadline to discuss the proposed content.

Panel Submission

Panels are solicited that examine innovative, controversial, or otherwise provocative issues of interest.

All panel submissions will be handled electronically. Authors should e-mail the completed submission form (attached below) to

A reduction of the conference fee will be offered to panel organizers.

Paper Submission

Authors are invited to submit papers, preferably in PostScript or PDF format (RTF and HTML are also accepted). The length should not exceed 12 pages typeset in a 12-point font. A detailed synthesis (2 pages minimum) will be considered if it gives a clear reflection of the contents and key points of the coming paper.

All paper submissions will be handled electronically. Authors should email a version of their paper and the completed submission form (attached below) to

Authors will receive an immediate notification of the successful receipt of the file containing their paper. Subsequently, a second notification of receipt will be sent after the paper has been printed successfully.

A reduction of the conference fee will be offered to one author of each accepted paper.

Process of Selection

Papers, tutorials, and panels will be evaluated by the program committee based on their quality and relevance. Each proposal will be reviewed by at least three independent reviewers, whose reviews will be relayed to the corresponding author. All submissions are held in confidentiality prior to publication in the proceedings.

Submissions received after the deadline will not be considered unless an extension has been granted. Authors must obtain employer, client, or government releases prior to submitting the final manuscript.

Accepted papers will be presented by their authors and will be published in the conference proceedings. The proceedings are provided free of charge to conference attendees. Additional copies will be available for purchase at the conference.


FIRST requires a non exclusive copyright license for all the papers presented at the conference and for the presentation material. This includes potential distribution on a conference CD and/or the FIRST website.

Important Dates

Submission deadline: November 16, 2001
Notification of acceptance: January 11, 2002
Final version of the paper due: March 11, 2002
Final presentation material (slides) due: May 1, 2002

Note that tutorial and panel proposals, as well as papers (or detailed syntheses, as described above) are expected to arrive prior to the submission deadline (NOVEMBER 16) in order to be considered.


If you have questions about the submission process, don't hesitate to send them to the appropriate email address:

Program Committee

Cristina SERBAN (Chair), - AT&T Labs, USA
Anne BENNETT - Concordia University - Canada
David CROCHEMORE - CERT Renater - France
Kathy FITHEN - PriceWaterhouseCoopers - USA
Klaus-Peter KOSSAKOWSKI - Germany
Larry LEIBROCK - eforensic - USA
Xing LI - CCERT - China
Chaeho LIM - CERTCC-KR - Korea
David MAILLARD - Intexxia - France
David MORTMAN - Siebel Systems - USA
Claudia NATANSON - British Telecom - UK
Steve ROMIG - Ohio State University - USA
Roger SAFIAN - NorthWestern University - USA
Kurt SAUER - Sun Microsystems - France
Derrick SCHOLL - Sun Microsystems - USA
Elizabeth SIEMERS - Guardent - USA
Hironobu SUZUKI - JPCERT/CC - Japan
Franck VEYSSET - Intranode - France

Proposal Submission Form

Here you can retrieve the
Proposal Submission Form for the FIRST 2002 Conference in ASCII format.