What's New

The European Union Agency for Cybersecurity is dedicated to achieving a high common level of cybersecurity across Europe.
For more than 15 years, ENISA has played a key role in enabling digital trust and security across Europe, together with its stakeholders including the Member States and EU bodies and agencies.

The Forum of Incident Response and Security Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.

Annual FIRST Conference in Dublin, the Republic of Ireland, is a triumph; Dr. Sherif Hashem is the new Chair of FIRST, and four new members join the FIRST Board of Directors; Four new additions to the FIRST Board of Directors; The FIRST 2021-22 Annual Report is now available; FIRST adds a New Director of Community and Capacity Building to the team; 34 new members join FIRST;

Just a few years ago, security orchestration, automation and response (SOAR) was the new buzzword associated with security modernization. Today, however, SOAR platforms are increasingly assuming a legacy look and feel. Although SOARs still have their place in a modern SecOps strategy, the key to driving SecOps forward today is no-code security automation. Read on to learn what lightweight security automation means, how it compares to SOAR and why SOARs alone won’t help you stay ahead of today’s security threats.

Last week FIRST learned that it is among a large group of organizations that were rejected from participating in the Open ended Working Group (OEWG) process, despite the groups expressed commitment to work with non-governmental organizations.

I want the needle, and the haystack to go along with it. Attackers take advantage of siloed data and security tools to exploit systems using misconfigurations and move laterally. This lateral movement across different attack surfaces has attackers flowing between the control plane and data plane of your environment to escalate privileges and seek out targeted access.

Over the past five days, 1,000 specialists representing six continents united in the cyber-crime fight at the Forum of Incident Response and Security Teams (FIRST) conference in Dublin, Ireland

From how Ukraine is dealing with cyber attacks against its critical infrastructure, to the rapidly growing access to online child sexual abuse material and the sophisticated approaches to ransomware, phishing, and online fraud as well discussing cooperation with the United Nations and with INTERPOL and law enforcement– no stone was left unturned for delegates working together to protect societies world-wide

DNS Abuse is a pretty widely used term. On the surface, it might seem like a simple term that's easily understood. But when you look more closely, the definition depends on your perception of the issue—and can be defined both broadly, or more narrowly.

I had the absolute pleasure of participating in and attending the recent FIRST Technical Colloquium at the W Hotel in Amsterdam, Netherlands, April 12–14. It was great to see nearly 100 people attend and over 50 people participating in training at this long-awaited in-person event. The program featured 17 speakers and two on-site trainers who held several popular workshops.

New Director of IT & Security role to bolster FIRST’s Business Plan; Upcoming Technical Colloquia, Symposiums, and Annual Conference; Last chance to nominate individuals or teams for the Incident Response Hall of Fame; FIRST contributes to important global policy and governance discussions; Mentors sought for new FIRST Mentorship Program; Eleven more member teams join FIRST; FIRST Infrastructure Updates - New Application Process

The Board of Directors strongly believes that FIRST should be an inclusive organization with broad global participation and collaboration to make the internet safe for everyone.

Three new Special Interest Groups created by FIRST members; FIRST partcipates in several important UN actvites; 19 events organized in 2021 - registraton opens for FIRST Annual Conference in 2022; Twelve more member teams join FIRST

Every incident response team globally is facing a serious increase of workload. As attackers scan and penetrate networks via automation, so must defenders look at automation.

Last month, I was honored to be one of the planners and participants of the FIRST Technical Colloquium (TC) in Norway. Organized by FIRST members, the event was held just outside of Oslo at the Telenor Expo, Telenor headquarters in Fornebu.

Norwegian members of FIRST to host a technical colloquium in Oslo in November; More FIRST events to add to your calendar; The FIRST Board of Directors meets across two continents to build our two-year business plan; Empowering Women in Cybersecurity: ITU, FIRST, and EQUALS Global Mentorship Pilot Program concludes; 16 more member teams join FIRST;

Did you miss our Virtual 33rd FIRST Annual Conference?; ICASI integrates into FIRST PSIRT SIG, bolstering the incident response and security team industry; FIRST Welcomes a new Chair and Five New Board of Directors; FIRST publishes its fifth Annual Reportt; A new fellowship team joins FIRST - Malawi CERT; Jeffrey Carpenter and Dan Kaminsky newly inducted into FIRST’s Incident Response Hall of Fame; FIRST membership continues to grow - we’re now at 575 members from 98 countries.

FIRST published its fifth Annual Report which covers the organization’s accomplishments towards its vision of bringing together incident response and security teams from every country across the world to ensure a safe internet for all. The report is available at FIRST Annual Report 2020-2021.

ICASI – the Industry Consortium for Advancement of Security on the Internet was officially integrated into the Forum of Incident Response and Security Teams (FIRST) on May 28, 2021. Established in 2008, ICASI’s purpose was to strengthen the global security landscape by driving excellence and innovation in security response practices; facilitating collaboration among members to analyze, mitigate, and resolve multi-stakeholder, global security challenges. This role will continue but as part of the existing FIRST PSIRT SIG, expand and improve the community’s ability to respond to vulnerabilities across multiple vendors. Founded in 1990, FIRST is the global leader in incident response.

33rd FIRST Annual Conference: Crossing Uncertain Times; Mark your calendars: FIRST reveals 2021 events calendar; FIRST welcomes its 97th country and member 562: Benin bjCSIRT; FIRST, ITU and Equals launches Women in Cyber Mentorship Program for Arab and Africa Regions; Get your nominations in for the third edition of The Incident Response Hall of Fame; New Podcast - FIRST Impressions - is launched!

This evolving and brutally effective threat can have a significant impact on an organization’s resources, finances, and reputation, but it can be stopped

Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.

Over 2500 Cybersecurity Professionals Participate In 32nd FIRST Annual Conference - Where Defenders Share. 2021 33rd Annual Conference Theme And Call For Papers. 2020 FIRST Virtual Symposium For Africa And The Arab Region - Supporting The Effectiveness Of Incident Response Within Africa. Ian Cook And Don Stikvoort Receive Joint Honors In The Incident Response Hall Of Fame Awards. New Code Of Ethics Launched On Global Ethics Day. FIRST Partners With Itu And Equals Global Partnership To Empower Women In Cybersecurity. FIRST To Contribute To Itu National Cybersecurity Strategy Guide. Mou Signed Between First And Ocf To Advance Membership Of Incident Responders And Security Teams Across The Globe. Reminder - 2021 First Membership Renewal.

Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.

Last weekend we issued a ransomware alert about a wave of attacks using a never-seen-before strain dubbed ‘Pay2Key.’ Our investigation suggested the ransomware operators were mostly targeting Israeli companies. The ransomware used in the attacks spread rapidly across victims’ networks, leaving significant parts of the network encrypted along with a ransom note, threatening to leak stolen corporate data unless the ransom is paid.

Los equipos de respuesta a incidentes de seguridad necieron tras el considerado primer gran ciberataque mundial, provocado por el 'virus Moris', en 1988.

October 21, 2020 – following a global consultation, the Forum of Incident Response and Security Teams (FIRST) is launching new ethics guidelines for incident response and security teams today on Global Ethics Day. ethicsfIRST provides guidance for cybersecurity professionals on how to conduct themselves professionally and ethically during incidents. Inspired by Earth Day, Global Ethics Day provides an opportunity for organizations to explore the meaning of ethics in international affairs

2020-2022 Board Announced. Welcoming a new board member – Shawn Richardson. FIRST reveals its new Vision and Mission. FIRST 32nd Annual Conference – Virtual Edition. Tips on how to publish your ideas in peer-reviewed journals. Code of Conduct – A Reminder. Infrastructure update. Have you read our new Annual Report yet?

The results of the 2020 FIRST Board of Directors election follow:

  • Alexander Jaeger (Google IRT)
  • Serge Droz (Liaison,Proton-CERT)
  • Dave Schwartzburg (Cisco Systems)
  • Javier Berciano (Liaison,One eSecurity)
  • Shawn Richardson (NVIDIA)

The full board list can be found here. Thank you to all of the candidates who ran in the election.

July 27th, 2020 - The Forum of Incident Response and Security Teams (FIRST) is proud to publish its fourth Annual Report today. The report details the organization’s achievements towards building a mature global incident response community. It covers the period between the 2019 conference in Edinburgh, Scotland and July 2020. FIRST Annual Report 2019-2020

2020 Agm & Election. 2020 Conference update and impact of Covid-19. First 2020 CTI Symposium in Switzerland moved online. First to Review the Traffic Light Protocol standard to increase global adoption. First updates coordination principles for Multi-Party Vulnerability Coordination and Disclosure. First and Mitre Engenuity partner to expand The Global Understanding of Adversary Behaviors. More new partnerships forged to make the internet safe for everyone. Virtual site visits currently available for new applicants. Critical VPN vulnerabilities show the need for proactive risk scanning. ISO and standards update. New breach workshop materials available. A new initiative to build trust. First infrastructure update Portal & SSO.

Málaga Hosts the first European Symposium and Tf-Csirt Meeting for Global Security Experts. FIRST participates in the un’s Development of Cyber Norms. FIRST Technical Colloquium - Ljubljana, Slovenia. FIRST releases updated computer security incident response team (CSIRT) Services Framework – Version 2.1. SPECIAL RECOGNITIONS – Member Awarded Order Of Three Stars In Latvia. Raising awareness of FIRST. First Infrastructure Update - Member Portal & Identity Project. Annual Conference and Annual General Meeting update

Internet Hall Of Fame inducts the late Suguru Yamaguchi. FIRST launches Women In Cybersecurity Initiative. FIRST Metrics SIG Webinar series re-launched. FIRST Infrastructure Update. “Insure” you participate in this call. A warm welcome to our 500th member - Versia. Improving Security Together.

The Emergence of Computer Security Incident Response, 1989–2005, by Rebecca Slayton and Brian Clarke (available in PDF).

October 9th, 2019 – As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, premier organization and recognized global leader in incident response - Forum of Incident Response and Security Teams (FIRST) has produced 11 vital steps that organizations should take to improve their incident response strategy.

Bringing together Security and Incident Response teams from around the globe.

Is content king? Fisher argues data alone can lead us astray, instead, it is the story we should focus on. With a presentation loaded with artwork and visuals, Fisher hopes to teach statistic savvy security responders to see the bigger picture. What patterns appear when we take a step back? What narrative does the evidence summon? Question your answers and dive into this discussion with Chris and Martin.

Not EVERYONE who tweets from the toilet at 6 in the morning is a Narcissist.” In this episode, Chris and Martin dive into a discussion with data savvy Monica Whitty about how to spot and stop an insider threat. Unfortunately, most insider attacks we never see coming, but as Whitty explains, hindsight can be a tool. Realizing that not every perpetrator is evil or malicious, companies can begin to see the data for what it really is: people. Navigate psychological factors and learn to spot warning signs in this perceptive podcast!

September 18th, 2019 – At FIRST we strongly believe that in order to build a global cybersecurity incident response community, from which every company or user participating in the Internet can benefit, we should all work to limit the impact of sanctions or export regulations on incident responders. This includes being a forum where technology corporations such as Huawei, have the ability to participate the same as others.

No computers, no worries! After favorable feedback from the 2018 Conference, Chiyuki and her team returned this year with even more tabletop fun. Chris and Martin get the inside scoop on how a little friendly competition creates an international platform for learning. Without technology, red and blue teams ultimately work together to solve a handful of security scenarios in this Choose Your Own Adventure style exercise.

July 21st 2019 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the CSIRT Services Framework Version 2.0 (PDF). This version is heavily based on the lessons learned from our work on the PSIRT Services Framework and feedback received from practitioners. The volunteers contributing to took time to restructuring the previous versions to address recognized weaknesses. Because of this, we ask for feedback from all interested parties which will then become incorporated in the planned Version 2.1.

July 12th, 2019 - The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system designed to provide open and universally standard severity ratings of software vulnerabilities for the security community. Used by organizations worldwide, version 3.1 documentation is now available on the FIRST website for members and non-members to reference.

FIRST launched its FIRST Post, a quarterly newsletter with updates from the FIRST community. Learn more about our Edinburgh conference, our new Executive Director, Chris Gibson, and several key initiatives such as the Product Security Incident Response Team (PSIRT) framework and policy outreach.

The Forum of Incident Response and Security Teams releases its third annual report, covering the scope of its activities from the 2018 conference in Kuala Lumpur, through its 2019 annual event in Edinburgh.

Join the interview in progress! Chris John Riley chats with Ralf Hund, CTO at VMRay and a supporter of the annual FIRST conference since 2016. Ralf shares his thoughts on the ongoing game of cat and mouse the industry is faced with when dealing with malware detection and the new protection technologies VMRay is working on in order to provide incident responders with faster and greater visibility to threats.

Join the interview in progress! The guys speak with presenters, Mike Murray (Senior Manager) and Robert Lelewski (Proactive Services Team Lead) of Secureworks. The duo are presenting on Thursday, June 20th from 11:00-12:00 and will be sharing their experiences and takeaways from conducting over hundreds of tabletops across various organizations. Get a primer of their upcoming session in this interview.

FIRST is pleased to announce the creation of two new Special Interest Groups: PSIRT and Cyber Insurance! The PSIRT SIG is developing learning materials to support the evolution of PSIRTs at all maturity levels, and the Cyber Insurance SIG is coordinating data sharing and providing a feedback mechanism between CERTs and Cyber Insurance organizations.

We’re kicking off the first episode of this year’s podcast with the man of the moment, Andrew Cormack, program chair of the 31st Annual FIRST Conference! Chris John Riley and Martin McKeay return as our podcast hosts once again and pick up where they left off almost a year ago during their last chat with Andrew. The guys touch on the program selection process, highlights of this year’s program, and what new things attendees will experience this year. Andrew is the Chief Regulatory Adviser at Jisc and a long time member and supporter of FIRST and the IR community.

The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and securing their organisations.

To start you on your path to PSIRT goodness, you’ll want to read and digest the PSIRT Maturity Document created by your friendly global FIRST PSIRT representatives. And what’s a better place to start than at the beginning?

Check out these posts on the PSIRT Services Framework and PSIRT Operational and Maturity the week of 21 January 2019! A new blog will be posted Monday -Thursday and can be found here: https://first.org/blog/

This five-day annual conference features incident response, management and technical tracks, keynote presentations, lightning talks and plenty of networking opportunities. In addition to learning the latest security strategies in incident management, attendees can earn up to 25 continuing professional education (CPE) credits and gain insight into analyzing network vulnerabilities.

The 2019 event calendar has been updated. We have several events with open registration so please update your calendars and register today!

Would you like to find a way to give back to FIRST and the incident response community? Sign-up on our first-trainers list to be notified of opportunities to travel the world and share your expertise. FIRST will provide the materials and travel if you provide your time and knowledge. Contact first-sec@first.org for more details.

Join the interview in progress! We’re closing out the 2018 podcast series with our 2019 program chair! Chris and Martin spend the last day of FIRST 2018 with a very well-known and very much appreciated active member of FIRST, Andrew Cormack. Andrew is the Chief Regulatory Adviser at Jisc Technologies and has graciously taken on the role of conference program chair for the 31st Annual FIRST Conference: Securing the Castle, June 16-21, 2019 in Edinburgh, Scotland. Take a listen and find out what Andrew has been up to and what he’ll be looking for to fill the 2019 program.

Volunteers at FIRST initiative enables contributors to share their past experience with FIRST community and also receive a certificate of participation in the program.

Join the interview in progress! Chris John Riley interviews one of our favorites and a long-time supporter of FIRST, Bruce Schneier. Bruce is currently the CTO at IBM Resilient and lecturer at Harvard Kennedy School. While Bruce was not presenting at this year's conference, he stopped by to hang-out with the FIRST community to talk shop and talk about his new book, "Click Here to Kill Everybody". Listen in to this fun and engaging interview. Special thanks to IBM Resilient for their continued support of FIRST and their sponsorship of the annual conference banquet.

Each year, FIRST works with local teams to help locate an internet solutions provider willing to provide the conference with its own direct connectivity independent of the conference venue. This year with the championing of Cybersecurity Malaysia, FIRST was lucky enough to gain the support of TIME dotcom – one of Malaysia’s leading ISPs. Join the interview in progress as Chris chats with Paresh on the types of security challenges they face as an ISP and how they are planning for the future.