15th Annual Computer Security
Incident Handling Conference
The Westin, Ottawa
Ontario, Canada
June 22-27, 2003
This conference is sponsored by First.Org, Inc.

About the conference

Who should attend

Call for Papers


Where to stay

About Ottawa



Call for Papers


The Forum of Incident Response and Security Teams (FIRST, is a global organization which brings together one of the largest international gathering of computer security incident response teams (CSIRT). FIRST conferences not only provide a setting for teams to enjoy a social atmosphere, but also create a backdrop for networking, collaboration and the sharing of technical information. FIRST continues to enjoy a steady increase in membership internationally and is represented by teams from government, commercial and academic communities. ( ).

FIRST participants are IT managers, network and system administrators, academia, software and hardware vendors, security solutions providers, telecommunications organisations, ISPs, and general computer and network security personnel. FIRST conferences cover areas such as:

  • The most advanced techniques in security Incident Detection, Reaction and Response.
  • The latest advancements in computer security tools.
  • Best practice security methodologies.
  • Shared views and experiences in the computer security incident response field.

Every year the logistics and planning for the successive conference begins even before the start of the current conference. This year we add to the pre-planning stage the Call for Papers. This allows conference participants not only to begin thinking about ideas for next conference paper submissions but also provides an opportunity for queries and comments to the Program Committee.

The Conference

The conference is a five-day event, comprising two days of tutorials and three days of technical sessions, which include refereed paper presentations, keynote speeches and panel discussions.

The conference will discuss recent practical computer and network security issues, focusing on incident handling and response techniques and experiences. The programme committee welcomes original contributions on the following topics:

  • Incident Response
    Specific Incidents:
    • Large computer virus outbreaks
    • Distributed Denial-of-Service (DDOS) attacks
    • Privacy and Intellectual Property incidents
    • Insider incident response
    General Issues:
    • Intrusion detection, analysis, and response automation
    • Collecting evidence
    • Computer and network forensics

  • CSIRT Operation and Tools
    • CSIRT Best Practices
    • Automation of CSIRT operations
    • Informing customers of new security threats (vulnerabilities, exploitation tools, viruses, etc.)
    • Vulnerability analysis and advisory process
    • Drafting incident response and security policies
    • Experience with security tools, both commercial and free, both experimental and stable
    • New approaches to attack analysis
    • OS-specific log analysis tools
    • Multi-source intrusion detection analysis

  • Response Team Cooperation and Legal Issues
    • Coordinating international incident handling
    • Trust relationships in incident response
    • International legal and liability issues in incident response
    • Dealing with black hats

  • New Technologies, New Vulnerabilities
    • Impact of new technologies (IPSEC and others) on incident response
    • Vulnerabilities in WAP enabled web applications
    • Vulnerabilities in PDA and Pocket PC's
    • Forensics on wireless devices
    • Experiences with deploying VoIP
    • Commercial shopping and banking systems
    • Biometrics and their risks

  • Other Topics
    • Competition, espionage, and information warfare
    • Secure system and network administration
    • Secure programming techniques and practices
    • Internet service providers and security
    • Intruder profiling
    • Outsourcing security -- managed security services

Tutorial Submission

Three tutorial tracks are planned:

  • The first track is oriented toward IT managers and will deal with topics such as drafting security policies incorporating policies for incident response, computer forensics, setting up security infrastructures, etc.

  • The second track is oriented toward technical staff and will provide in-depth information on security tools, designing security architectures, intrusion detection and monitoring tools, web security, etc. - in particular SECURITY BEST PRACTICES (especially in regard to incident handling and/or to be compliant to applicable regulations) is a special interest topic this year.

  • The third track is tailored for people interested in building and organizing an incident response team or related services like security advisories, vulnerability analysis, etc.

Proposals are solicited from experts interested in giving a tutorial. Tutorials may be half or full day in length and can cover topics either at an introductory or advanced level.

All tutorial submissions will be handled electronically. Authors should email the completed submission form (attached below) to:

Individuals interested in submitting tutorial proposals are encouraged to contact the program chair before the deadline to discuss the proposed content. A reduction of the conference fee will be offered to tutorial presenters.

Panel Submission

Panels are solicited that examine innovative, controversial, or otherwise provocative issues of interest.

All panel submissions will be handled electronically. Authors should e-mail the completed submission form (attached below) to:

A reduction of the conference fee will be offered to panel organizers.

Paper Submission

Authors are invited to submit papers, preferably in PostScript or PDF format (RTF and HTML are also accepted). The length should not exceed 12 pages typeset in a 12-point font. A detailed synthesis (2 pages minimum) will be considered if it gives a clear reflection of the contents and key points of the coming paper.

All paper submissions will be handled electronically. Authors should email a version of their paper and the completed submission form (attached below) to:

Authors will receive an immediate notification of the successful receipt of the file containing their paper. Subsequently, a second notification of receipt will be sent after the paper has been printed successfully.

A reduction of the conference fee will be offered to one author of each accepted paper.

Process of Selection

The program committee based on their quality and relevance will evaluate papers, tutorials, and panels. Each proposal will be reviewed by at least three independent reviewers, whose reviews will be relayed to the corresponding author. All submissions are held in confidentiality prior to publication in the proceedings.

Submissions received after the deadline will not be considered unless an extension has been granted. Authors must obtain employer, client, or government releases prior to submitting the final manuscript.

Accepted papers will be presented by their authors and will be published in the conference proceedings. The proceedings are provided free of charge to conference attendees. Additional copies will be available for purchase at the conference.


FIRST requires a non-exclusive copyright license for all the papers presented at the conference and for the presentation material. This includes potential distribution on a conference CD and/or the FIRST website.

Important Dates

Submission deadline: November 15, 2002
Notification of acceptance: January 10, 2003
Final version of the paper due: March 10, 2003
Final presentation material (slides) due: April 15, 2003

Note that tutorial and panel proposals, as well as papers (or detailed syntheses, as described above) are expected to arrive prior to the submission deadline (NOVEMBER 15, 2002) in order to be considered.


If you have questions about the submission process, don't hesitate to send them to the appropriate email address:

Program Committee

The Programme Committee 2003 invites members to join the Programme Committee for 2003.

Claudia NATANSON (Chair), - BT Ignite, UK

Daniel AZUELOS - Pasteur Insititute, France
Anne BENNETT - Concordia, Canada
Chris Van BREDA - CGI, Canada
Dae Yong BYUN - CERTCC-KR, Korea
Tom DAVIS - Indiana University, USA
Michel DuPUY - CERTA, France
Scott ELAN - Sun Microsystems, USA
Kathy FITHEN - The Coca-Cola Company, USA
Laura GRILL - Northwestern University, USA
Eul Gyu IM - NSRI, Korea
Lamont JONES - HP, USA
Klaus-Peter KOSSAKOWSKI - Germany
John KRISTOFF - DePaul University, USA
Christoph KROLL - ESA, Germany
Joonho LEE - Federal Reserve Systems, USA
S.C. LEUNG - HKCERT-CC, Hong Kong, China
E. Larry LIDZ - University of Chicago, USA
Xinran LIU - CNCERT-CC, China
Jan MEIJER - CERT-NL, The Netherlands
Michel MIQUEU - CERT-IST, France
Francisco MONSERRAT - Red IRIS-CERT, Spain
Eric PANCER - Depaul University, USA
Chris PAYNE - DND CERT, Canada
Roger SAFIAN - Northwestern University, USA
Kurt SAUER - Sun Microsystems, France
Derrick SCHOLL - Sun Microsystems, USA
Rolf SCHULZ - ComCERT, Germany
Udo SCHWEIGERT - Siemens, Germany
Christina SERBAN - AT&T Labs, USA
Jeanne SMYTHE - UNC Chapel Hill, USA
John STARRETT - CSE, Canada
Yoshiki SUGIURA - JPCERT-CC, Japan
Hironobu SUZUKI - JPCERT-CC, Japan
Frank VEYSSET - Intranode, USA

Proposal Submission Form

Here you can retrieve the Proposal Submission Form for the FIRST 2003 Conference in ASCII format.

Last modified: 30 July 2002 -- this page has been digitally signed

Copyright © 1995 - 2002 by FIRST.ORG, Inc. / Contact: