Mini MetriCon 3.5 Call for Participation

Post-Workshop Note: The presentations are posted as embedded links in the agenda. The digest will be posted soon.

Mini MetriCon 3.5 will be held this year on Monday, April 20, 2009 within walking distance of Moscone Center, the location of the RSA 2009 Conference to be held during the same week in San Francisco, CA. Metricon 3.5 is an informal workshop designed to facilitate exchange of new ideas as well as practical experience in using metrics to drive better security, compliance, and risk management. The day will be divided equally between open/moderated exchange and short informal presentations. Participants are expected to come prepared to actively interact as either presenters or active listeners.

PLACE: Google Offices
(within walking distance of Moscone in SanFrancisco, CA.)

TIME: 8:30am to 4:30pm

PARTICIPATION: Invitation only.

ATTENDANCE: Limited to 50 people

PROGRAM: Practical Security Metrics

SPONSOR: Google, Inc.

PROGRAM
COMMITTEE:

• Chair, Betsy Nichols, PlexLogic
• Fred Cohen, Fred Cohen & Associates
• Jeremy Epstein, SRI International
  
• Ray Kaplan, Ray Kaplan and Associates
  
• Steve Kruse, Impruve
  
• Andrew Jaquith, Forrester Research
• Pete Lindstrom, Spire Security
• Steve Piliero, Center for Internet Security
• Lilian Wang, ClearPoint Metrics

IMPORTANT DATES:

• 19 Jan 2009 - Responses Due to this Call
• 6 Feb 2009 - Notification of Acceptance
• 20 Apr 2009 - Metricon 3.5 Workshop

Additional information will be posted at www.securitymetrics.org as it becomes available.

Due to space limitations, we are asking all who are interested in participating to send an email to Metricon3.5@SecurityMetrics.org . Please provide some information about who you are, what is your interest/experience with metrics, what metrics you can bring to discuss, and your preferred level of participation. Possible levels of participation include: presenter and active audience participant.

Presenters: Please provide an abstract of 5 paragraphs or less that describes the nature of the metrics and metric results that you would like to present. Plagiarism is dishonest and the organizers of this workshop will take appropriate action if dishonesty of this sort is discovered. Submission of recent, previously published work as well as simultaneous submissions to multiple venues is entirely acceptable but only if you disclose this in your proposal.

Active audience participants: Please indicate areas of specific interest.

Some links to examples of past well-received presentations are:

For enterprise programs:
eBay Presentation
Intel Presentation

For quantitative results:
Verizon Presentation
Whitehat Presentation

CRITERIA for EVALUATION (Added 2 Jan 2009)
Based on the results from a survey of interests of the SecurityMetrics.org community in the Nov-Dec 2008 timeframe, the Program Committee has defined the following criteria for evaluating proposals for participation in Metricon 3.5:

For presenters:
The topics of highest interest, based upon survey results are: case studies and metrics that matter--defintions and how to interpret results. Selection criteria are:

• Is the material new
• Is the material relevant to the topics of highest interest to the community.
• Is the material immediately useful
• Is the matrical timely. Does it address current events and trends.

For active audience participants:
The primary criteria are willingness to share information--both good and bad--about their security metrics initiatives, whether thier respective programs are mature or just starting.

NOTIFICATION
To get invitations out well beforehand, we need all email submissions to be sent by Monday, 19 Jan 2009. Our goal is to send invitations to participate by 6 Feb 2009.

Visit http://www.securitymetrics.org for digests, presentations, and handouts from past Metricon Workshops.

Please direct any questions to Metricon3.5@securitymetrics.org.