Mini-Metricon 6.5

March 8, 2012

Mini-Metricon 6.5 was a one-day event, Monday, February 27, 2012, co-located with the RSA Conference, in San Francisco, CA. This page contains a description of the event, presentations, and the original CFP. Program: Keynote Alessandro Acquisti, CMU, The Value of Privacy Human-in-the-loop Panel and Presentations Bob Rudis and Albert Yin, Liberty Mutual – Using Peer Pressure to Improve Security KPIs Steve Kruse and Bill Pankey, RSA – Assessing User Awareness Bryan Ware, Digital Sandbox – Evaluating Pattern of Life Indicators to Prioritize Monitoring of Potential Insiders Lightning Talks and Lunch Break ...

Metricon 6 — Real People Generating Real Information

August 9, 2011

Metricon 6 was a one-day event, Tuesday, August 9, 2011, co-located with USENIX, in San Francisco, CA. This page contains a description of the event, presentations, and the original CFP. Program: Richard Seiersen, Kaiser Permanente – Operation Risk Management Richard Lippmann, James Riordan, Cyber Systems and Technology Group, MIT Lincoln Laboratory – Critical Control Security Metrics for Continuous Network Monitoring Wendy Nather, 451 Group – Quantifying the Unquantifiable: When Risk Gets Messy Brian Keefer, Jared Pfost – Moneysec: Applying the “Moneyball” philosophy to information security metrics Ed Bellis, HoneyApps – That’s So Meta: Gleaning Business Context In The Vulnerability Warehouse Joshua Corman, Akamai – “Shall we play a game? ...

Mini-Metricon 5.5

July 28, 2011

Mini-Metricon 5.5 was a one-day event, Monday, February 14, 2011, co-located with the RSA Conference, in San Francisco, CA. This page contains a description of the event, presentations, and the original CFP. Program: Wade Baker and Alex Hutton, Verizon Business – Veris Data/Veris Community Chris Eng, Veracode – Critical Consumption of Infosec Stats Juhani Eronen, CERT-FI, Finnish Communications Regulatory Authority – On (Automated) Incident Reporting Christian Frühwirth, Aalto University Finland and Christian Proschinger, Otmar Lendl, CERT. ...

Metricon 5 — Older But Wiser

August 23, 2010

Metricon 5 was held Tuesday, August 10th, 2010, co-located with the 19th USENIX Security Symposium in Washington, DC. This page contains the details of the meeting, including its CFP, the final agenda, and the meeting’s Digest. Program: Andrew Jaquith, Forrester Research – Five Years of Security Metrics: A Look Back Richard Seiersen, Kaiser Permanente – Practical Security Metrics in the 4th Dimension RH Powell, Akamai – Weathering Storms in the Cloud: Analyzing Massive Distributed Denial of Service Attacks to Better Prepare for the Future John S Quarterman, Quarterman Creations/CREC at the UT Austin School of Business – Spam Reputation as Output Measure of Infosec Gina Fisk, Los Alamos National Laboratories – Optimizing Performance Management using Adaptive Metrics, Fitness Functions, and the Balanced Score Card Fabio Massacci, Università di Trento – Which is the Right Source for Vulnerability Studies? ...

Mini-Metricon 4.5

March 19, 2010

Mini-Metricon 4.5 was held Monday, March 1, 2010, in San Francisco, California, adjacent to the USA RSA 2010 Conference. The presentations are posted as links on this page; the original CFP is here as well. Program: Chris Walsh, Introductory Remarks Jennifer Bayuk – Summary of Metricon 4.0 Morning Session I – Chair: Jeremy Epstein Pete Lindstrom, Spire Security – Qualitative Tuning as Preparation for Quantitative Methods Ashish Larivee, Veracode – Metrics for insights on the state of application security Morning Session II – Chair: Joe Magee Alex Hutton and Wade Baker, Verizon Business – Translating the Narrative into Metrics: The Verizon Incident Sharing Framework Anoop Singhal, NIST – Ontologies for Modeling Enterprise Level Security Metrics Afternoon Session I – Chair: Caroline Wong Christian Frühwirth, Helsinki Institute of Technology – Improving CVSS-based Vulnerability Prioritization with Business Context Information Ramon Krikken, Burton Group – Field Research: Security Metrics Programs Afternoon Session II – Chair: Ray Kaplan Panel: Metrics for Cloud Security. ...

Metricon 4 — The Importance of Context

September 27, 2009

Metricon 4 was held Tuesday, August 11, 2009, in Montreal, Quebec, co-located with the USENIX Security Symposium. This page contains the details of the meeting, including the original CFP, the final agenda, and the meeting’s Digest. Agenda Baseline Scoring Methods John Nye, Reproducible Measurement as a Foundation for Security Assessment Metrics Ed Bellis, Orbitz, Orbitz SCAP Metrics Measuring Impact Lloyd Ellam, SigmaRisks – The Ugly, The Bad, and The Good Shivaraj Tenginakai – Metrics for Detecting Compromised Systems. ...

Mini-Metricon 3.5 — Practical Security Metrics

August 2, 2009

Mini-Metricon 3.5 was held Monday, April 20, 2009 at the Google offices, within walking distance of Moscone Center. Agenda: The format of Mini-Metricon 3.5 was four grouped sessions plus an hour-long CISO “Mashup.” Each session had three 20-minute presentations of ideas, followed by 30 minutes of discussion and general interaction with all attendees. Breakfast in room Google – Welcome from sponsor Enterprise Metrics Case Studies. Discussion leader: Steve Piliero, Center for Internet Security Caroline Wong, eBay – Metrics at eBay Richard Seiersen, Kaiser Permanente – Foundations for Security Business Intelligence John Flynn and Steve Weis, Google – Metrics at Google CISO MashUp. ...

Metrics Catalog Project

July 21, 2009

This page provides information on the Metrics Catalog Project that was announced at the Mini-Metricon 2.5 meeting in San Francisco, CA on 7 April 2008. There are two documents on the Metrics Catalog available at this time: Metrics Catalog Project (this page) Metrics Catalog Preview You can find more documents at the MetricsCenter website. The Metrics Catalog Project consists of three primary components: MetricsCenter Google Group. You can subscribe by sending a request to support@metricscenter. ...

Metrics Catalog Preview

July 3, 2009

A free and open site for the Metrics Catalog is up and running for your review and comment. You will need a browser with JavaScript and Java enabled to view the Metrics Catalog. Note that this web site is designed to provide three services: a catalog of metric definitions (no measured results), dashboards of metric results derived from public sources, and a collection of useful resources for security metrics. Please provide feedback/suggestions about each of these services. ...

Mini-Metricon 2.5

June 19, 2009

Mini-Metricon 2.5 was held Monday, 7 April 2008 in San Francisco, California. Agenda: Welcome and Introduction Moderator: Betsy Nichols, PlexLogic Introduction: Fred Cohen, Fred Cohen & Associates Welcome: Brent Rowe, RTI International Definitions/Terminology/Structures. Moderator: Fred Cohen, Fred Cohen & Associates Pete Lindstrom, Burton Group – Enterprise Security Metrics Amnon Lotem, Skybox – Model Based Metrics Anoop Singhal, NIST – Network Security and Risk Analysis Using Attack Graphs Group Discussion Critical Areas of Coverage. ...