For the second year in a row, the CERT Coordination Center (CERT/CC) and the Forum of Incident Response and Security Teams (FIRST) jointly hosted an international competition to honor best practices and advances in safeguarding the security of computer systems and networks. The purpose of the contest was to solicit best practices that prevent cyber attacks or mitigate attacks that are unfolding so that others may benefit from the knowledge. The contest was held in conjunction with the 2009 FIRST annual conference in Kyoto, Japan.
The topic of the competition was chosen from the phases of a computer security incident response team's cycle of activity: Protect, Detect, Respond, and Sustain. This year's topic was "Detect."
The Forum of Incident Response and Security Teams (FIRST) annual conference brings together computer security incident response teams (CSIRTs), government officials, researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the field of computer system and network security. FIRST and the CERT Coordination Center (CERT/CC) will host a best practices contest during the 2009 FIRST annual conference in Kyoto, Japan. The purpose is to identify and share the CSIRT community's best practices in order to help organizations use methods that most effectively mitigate security threats globally.
All interested parties are encouraged to submit the best practices they use to improve and maintain a high standard of information security in the topic area described below. Submissions are due by May 11, 2009 at 11:59pm (U.S. Eastern Daylight Time, UTC-4).
An evaluation committee will review the submitted best practices and award the top two. FIRST and the CERT/CC will present the awards during the 2009 FIRST annual conference.
The topic for this year's best practices contest is chosen from the operational activity cycle within CSIRTs. This cycle is typically divided into four categories: Protect, Detect, Respond, and Sustain.
Last year, the topic for submissions was Protect. This year's topic is focused on the Detect category. In the Detect process, information about potential incidents, vulnerabilities, or other computer security or incident management information is gathered either reactively (received from internal or external sources in the form of reports or notifications) or proactively (monitoring indicators of possible incidents or the exploitation of vulnerabilities through mechanisms such as network monitoring or IDS).
Detection steps can include the following:
Detect can apply to both human and automated processes for detection and analysis.