Klaus-Peter Kossakowski: IT Incident Response Capabilities


Zur Person

Größere Projekte

IT Incident Response




FIRST Conference on Computer Security Incident Handling & Response 2001

Die Arbeit  |  Teams  |  Konferenzen  |  Bibliographie

2001 2000 1999
1998 1997 1996 1995 1994
1993 1992 1991 1990 1989


Toulouse, Frankreich.


18. - 22. Juni 2001

 Tutorials (Erster Tag):

  • Byron Collie (Wells Fargo Services Company, USA) / Legal and Operational Issues affecting Evidence Preservation and Recovery in Intrusion Cases
  • Robin M. Ruefle (CERT Coordination Center, USA) / Creating a Computer Security Incident Response Team

 Tutorials (Zweiter Tag):

  • Christine M. Orshesky (IFsec) / Investigation Malware Incidents
  • Douglas W. Barbin, Rob Hanson (Guardent, USA) / Management and Forensics in the 21st Century
  • Dan Garrett (Emerging Technologies Group, USA) / Recovering Malicious User Activity
  • Elizabeth Siemers (Guardent, USA) / NOSC's : The Good, The Bad & The Ugly

 Keynote Speakers:

  • Henri Serres (Central Directorate of Information Systems Security) / Ensure security and confidence in cyberspace : A priority for France
  • Danny de Temmerman (European Commission - DG Information Society) / Network and information security - A European Policy Approach
  • Isabelle Tisserand (XP Conseil, France) / Human factor in a firm security policy

 Session: CSIRT Operations

  • Jimmy Arvidsson (Telia, Sweden) / Incident organization and security incident handling
  • Marko Laakso (University of Oulu, Finland) / Introducing constructive vulnerability disclosures
  • David Bratzer (Zero-Knowledge Systems, Canada) / Experience with abuse management in privacy-enhancing systems

 Session: Denial of Service

  • David Harmelin (Dante, UK) / DoS attacks on transit networks
  • Robert Thomas (USA) / What NOT to do during a DDoS attack

 Session: CSIRT Cooperation

  • Gorazd Bozic (SI-CERT, Slowenia) / Collaboration of European Computer Security Incident Response Teams
  • Don Stikvoort (Stelvio, NL) / The trusted introducer service
  • Klaus-Peter Kossakowski (Germany) / Teams Update Panel
    • AT&T, Peru
    • BT Secure Business Services, UK
    • CERT Polska, Poland
    • CIAC, USA
    • Depaul University, USA

 Session: Pro-Active CSIRT Tools

  • Hyun Woo Lee (CERTCC-KR, KR) / Experiences with national wide scan detect systems
  • Philippe Bourcier (CyberAbuse) / The CyberAbuse Project
  • Mark McPherson (AUSCERT, Australia) / Automated incident report processing and cross correlation of probe and scan information

 The CSIRT model in the real world (Panel)

Die Teilnehmer:

  • Andew Cormack - Janet-CERT
  • Kathy Fithen - PricewaterhouseCoopers
  • Jan Krogh Jensen - TeleDanmark
  • Klaus-Peter Kossakowski (Panel chair)
  • Mark McPherson - AusCERT
  • Andrea Servida - European Commission

 Session: Intrusion Detection

  • Takefumi Onabuta (Japanese IT Promotion Agency, Japan) / A protection mechanism for an intrusion detection system
  • James J. Yuill (North Carolina State Univ., USA) / Intrusion-detection for incident response, using a military battlefield-intelligence process

 Session: Secure Practices

  • Anne Bennett (Concordia Univ., Canada) / Securing web-based application with hole-in-the-chroot
  • Franck Veysset (Intranode) / OS Fingerprinting

 "Ask the Experts" (Panel):

  • Panelists from various teams

 Session: Post-Mortem Analysis

  • Philippe Bourgeois (CERT-IST, France) / Over Disk Analysis Hurdles
  • Wietse Venema (IBM) / Indestructible Information


© 1998-2001 by Klaus-Peter Kossakowski, Germany.