What's New 2019

The Emergence of Computer Security Incident Response, 1989–2005, by Rebecca Slayton and Brian Clarke (available in PDF).

October 9th, 2019 – As the year draws to a close, it is time for businesses across all industries and sectors to reflect and prepare for the upcoming new year. With this in mind, premier organization and recognized global leader in incident response - Forum of Incident Response and Security Teams (FIRST) has produced 11 vital steps that organizations should take to improve their incident response strategy.

Bringing together Security and Incident Response teams from around the globe.

Is content king? Fisher argues data alone can lead us astray, instead, it is the story we should focus on. With a presentation loaded with artwork and visuals, Fisher hopes to teach statistic savvy security responders to see the bigger picture. What patterns appear when we take a step back? What narrative does the evidence summon? Question your answers and dive into this discussion with Chris and Martin.

Not EVERYONE who tweets from the toilet at 6 in the morning is a Narcissist.” In this episode, Chris and Martin dive into a discussion with data savvy Monica Whitty about how to spot and stop an insider threat. Unfortunately, most insider attacks we never see coming, but as Whitty explains, hindsight can be a tool. Realizing that not every perpetrator is evil or malicious, companies can begin to see the data for what it really is: people. Navigate psychological factors and learn to spot warning signs in this perceptive podcast!

September 18th, 2019 – At FIRST we strongly believe that in order to build a global cybersecurity incident response community, from which every company or user participating in the Internet can benefit, we should all work to limit the impact of sanctions or export regulations on incident responders. This includes being a forum where technology corporations such as Huawei, have the ability to participate the same as others.

No computers, no worries! After favorable feedback from the 2018 Conference, Chiyuki and her team returned this year with even more tabletop fun. Chris and Martin get the inside scoop on how a little friendly competition creates an international platform for learning. Without technology, red and blue teams ultimately work together to solve a handful of security scenarios in this Choose Your Own Adventure style exercise.

July 21st 2019 - The Forum of Incident Security Response Teams, Inc. (FIRST) is pleased to release the CSIRT Services Framework Version 2.0 (PDF). This version is heavily based on the lessons learned from our work on the PSIRT Services Framework and feedback received from practitioners. The volunteers contributing to took time to restructuring the previous versions to address recognized weaknesses. Because of this, we ask for feedback from all interested parties which will then become incorporated in the planned Version 2.1.

July 12th, 2019 - The Forum of Incident Response and Security Teams (FIRST) has published an update of its internationally recognized Common Vulnerability Scoring System (CVSS). CVSS is a common scoring system designed to provide open and universally standard severity ratings of software vulnerabilities for the security community. Used by organizations worldwide, version 3.1 documentation is now available on the FIRST website for members and non-members to reference.

FIRST launched its FIRST Post, a quarterly newsletter with updates from the FIRST community. Learn more about our Edinburgh conference, our new Executive Director, Chris Gibson, and several key initiatives such as the Product Security Incident Response Team (PSIRT) framework and policy outreach.

The Forum of Incident Response and Security Teams releases its third annual report, covering the scope of its activities from the 2018 conference in Kuala Lumpur, through its 2019 annual event in Edinburgh.

Join the interview in progress! Chris John Riley chats with Ralf Hund, CTO at VMRay and a supporter of the annual FIRST conference since 2016. Ralf shares his thoughts on the ongoing game of cat and mouse the industry is faced with when dealing with malware detection and the new protection technologies VMRay is working on in order to provide incident responders with faster and greater visibility to threats.

Join the interview in progress! The guys speak with presenters, Mike Murray (Senior Manager) and Robert Lelewski (Proactive Services Team Lead) of Secureworks. The duo are presenting on Thursday, June 20th from 11:00-12:00 and will be sharing their experiences and takeaways from conducting over hundreds of tabletops across various organizations. Get a primer of their upcoming session in this interview.

FIRST is pleased to announce the creation of two new Special Interest Groups: PSIRT and Cyber Insurance! The PSIRT SIG is developing learning materials to support the evolution of PSIRTs at all maturity levels, and the Cyber Insurance SIG is coordinating data sharing and providing a feedback mechanism between CERTs and Cyber Insurance organizations.

We’re kicking off the first episode of this year’s podcast with the man of the moment, Andrew Cormack, program chair of the 31st Annual FIRST Conference! Chris John Riley and Martin McKeay return as our podcast hosts once again and pick up where they left off almost a year ago during their last chat with Andrew. The guys touch on the program selection process, highlights of this year’s program, and what new things attendees will experience this year. Andrew is the Chief Regulatory Adviser at Jisc and a long time member and supporter of FIRST and the IR community.

The Forum of Incident Response and Security Teams (FIRST), which brings together incident responders from around the world, invested in the creation of a new training course “DDoS Mitigation Fundamentals”. Authored by Krassimir T. Tzvetanov, a recognized expert in the field, the training teaches incident responders to handle attacks and securing their organisations.

To start you on your path to PSIRT goodness, you’ll want to read and digest the PSIRT Maturity Document created by your friendly global FIRST PSIRT representatives. And what’s a better place to start than at the beginning?

Check out these posts on the PSIRT Services Framework and PSIRT Operational and Maturity the week of 21 January 2019! A new blog will be posted Monday -Thursday and can be found here: https://first.org/blog/

This five-day annual conference features incident response, management and technical tracks, keynote presentations, lightning talks and plenty of networking opportunities. In addition to learning the latest security strategies in incident management, attendees can earn up to 25 continuing professional education (CPE) credits and gain insight into analyzing network vulnerabilities.