March 19, 2010
Mini-Metricon 4.5 was held Monday, March 1, 2010, in San Francisco, California, adjacent to the USA RSA 2010 Conference. The presentations are posted as links on this page; the original CFP is here as well.
- Chris Walsh, Introductory Remarks
- Jennifer Bayuk – Summary of Metricon 4.0
- Morning Session I – Chair: Jeremy Epstein
- Pete Lindstrom, Spire Security – Qualitative Tuning as Preparation for Quantitative Methods
- Ashish Larivee, Veracode – Metrics for insights on the state of application security
- Morning Session II – Chair: Joe Magee
- Alex Hutton and Wade Baker, Verizon Business – Translating the Narrative into Metrics: The Verizon Incident Sharing Framework
- Anoop Singhal, NIST – Ontologies for Modeling Enterprise Level Security Metrics
- Afternoon Session I – Chair: Caroline Wong
- Christian Frühwirth, Helsinki Institute of Technology – Improving CVSS-based Vulnerability Prioritization with Business Context Information
- Ramon Krikken, Burton Group – Field Research: Security Metrics Programs
- Afternoon Session II – Chair: Ray Kaplan
- Panel: Metrics for Cloud Security. Members: Lynn Terwoerds, Caroline Wong, Betsy Nichols
- Matthew Rosenquist, Intel – Identifying critical information security areas with a Threat Agent Risk Assessment
- Chris Walsh – Concluding Remarks
Full program in pdf format.
Program Committee
Chair: Chris Walsh, SurePayroll
- Jennifer Bayuk, Bayuk.com
- Fred Cohen, Fred Cohen and Associates
- Lloyd Elam, SigmaRisks
- Jeremy Epstein, SRI International
- Dan Geer, In-Q-Tel
- Renee Guttmann, Time Warner
- Ray Kaplan, Ray Kaplan & Associates
- Pete Lindstrom, Spire Security
- Joe Magee, Vigilant
- Elizabeth Nichols, Plexlogic
- Steven Piliero, Center for Internet Security
- Caroline Wong, eBay
Original Call for Participation
Mini-Metricon 4.5 will be a one-day event, Monday, March 1, 2010, in San Francisco, California. Through the cooperation of RSA, the workshop will be held at the University of San Francisco, within walking distance of the Moscone Center, the location of the RSA Conference, to be held during the same week. Mini-Metricon attendees are eligible for free RSA exhibit passes.
Like its predecessors, Mini-Metricon 4.5 is an informal workshop designed to facilitate exchange of new ideas as well as practical experience in using metrics to drive better security, compliance, and risk management. The day will be divided between open/moderated exchange and short presentations. Participants are expected to come prepared to actively interact as either presenters or active listeners (or both).
Place: University of San Francisco (within walking distance of the Moscone Center)
Time: 8:30am to 4:30pm
Participation: by invitation.
Attendance: Limited to 80 people
If you would like to participate
Due to space limitations, we are asking all who are interested in participating to send an email to metricon4.5@SecurityMetrics.org. Please provide some information about who you are, your interest/experience with metrics, what metrics you can bring to discuss, and your preferred level of participation: presenter or active audience participant.
Presenters: Please provide an abstract of 5 paragraphs or less that describes the nature of the metrics and metric results that you would like to present. Following past Metricon practice, preference will be given to those who respond to this CfP with actual work in progress that demonstrates the value of security metrics with respect to a security-related goal. Submission of recent, previously published work as well as simultaneous submissions to multiple venues is acceptable if disclosed in your proposal.
Active audience participants: Please indicate your area(s) of specific interest.
Examples of past well-received presentations are:
Visit securitymetrics.org for digests, presentations, and handouts from past Metricon Workshops.
To get invitations out well beforehand, we’d like all email submissions to be in-hand by December 5. Our goal is to send invitations to participate by January 15.
- 05 Dec 2009 - Responses Due to this Call
- 15 Jan 2010 - Notification of Acceptance
- 01 Mar 2010 - Mini-Metricon 4.5 Workshop
Please feel free to contact the Program Chair with any questions. Inquiries beyond administrative matters will be forwarded to the Committee. Additional information will be posted at www.securitymetrics.org as it becomes available.