Welcome to securitymetrics.org, a community website for security practitioners. Securitymetrics.org offers a community blogging service (this page) and a members-only mailing list. See the Mailing List page for more details.
MetriCon 4.0
The MetriCon 4.0 Workshop will be held on Tuesday, August 11, 2009, in Montreal, Quebec, co-located with the USENIX Security Symposium. The theme of this episode is The Importance of Context. As with all MetriCon events, MetriCon 4.0 is by invitation; invitations for attendance-only remain available. If you wish to attend, communicate via email to the MetriCon 4.0 program committee at your earliest convenience.
Draft Agenda
1. Baseline Scoring Methods
- Reproducible Measurement as a Foundation for Security Assessment Metrics, John Nye
- Orbitz SCAP Metrics, Ed Bellis
2. Measuring Impact
- Business Focused: Foundations for Security Business Intelligence II, Richard Seiersen
- Metrics for Detecting Compromised Systems, Shivaraj Tenginakai
3. Enterprise Security Management
- Security Metrics in Governance, Risk and Compliance, Li Liu
- Using Security Metrics to Motivate a Response to A Critical Vulnerability, Jim Cowie
- Foundational Practices that Optimize Security and Operations, Gene Kim
4. Software Security
- The Building Security In Maturity Model, Gary McGraw & Brian Chess
- Does Software Quality Matter?, Sandy Clark & Matt Blaze
5. Trends and Stats
- Crunching Metrics from Public Data, Betsy Nichols
- Data Loss DB, David Shettler
6. Security Manager Panel
- Moderator, Jennifer Bayuk
- Panelists: announced shortly when complete
Handouts
- Measuring the future basis of competition among AV products
- Performance Testing the Vulnerability Response Decision Assistance (VRDA) Framework
- PCI DSS Statistics and Metrics
- Techniques for Enterprise Network Security Metrics
- CIS Consensus Project
- Big Bangs and Natural Selection in the Metrics Universe
- SOX Material Weakness and CIO/CEO turnover
Mini MetriCon 3.5
Mini MetriCon 3.5 was held Monday, April 20, 2009, in San Francisco, California, adjacent to the USA RSA 2009 Conference. The agenda and original CFP remain available.
MetriCon 3.0 Presentations and Digest
The MetriCon 3.0 presentations and digest are available as attachments to the final agenda.
Mini MetriCon 2.5 Presentations
The MiniMetriCon 2.5 presentations are available as attachments to the final agenda.
Metrics Catalog Project
The Metrics Catalog Project is officially launched. General information can be found in the following documents:
A preview web site at http://www.MetricsCenter.org is available, as well. We highly recommend that you read the above three documents before visiting the site.
BEWARE: You will need a JavaScript-enabled browser to view the Metrics Catalog and Survey pages.
--Elizabeth Nichols, 15-Jun-2008
This site is not affiliated with any organization, and the opinions expressed on this website are strictly those of the authors themselves.