MetriCon 1.0: Security Metrics

The upcoming MetriCon 1.0 is 1-day conference is a forum for quantifiable approaches and results to problems afflicting information security.

MetriCon 1.0 is scheduled for Tuesday, August 1, 2006, co-located with the 15th USENIX Security Symposium in Vancouver, B.C., Canada.

Attendance will be by invitation and limited to 50 participants. All participants will be expected to "come with opinions" and be willing to address the group in some fashion, formally or not. Preference given to the authors of position papers/presentations who have actual work in progress.

Presenters will have 10-15 minutes to present their idea, followed by 15-20 minutes of discussion with the workshop participants. Panels may be convened to present different approaches to related topics, and will be steered by what sorts of proposals come in.

The goal of the workshop is to stimulate discussion of and thinking about security metrics and to do so in ways that lead to realistic, early results of lasting value. Potential attendees are invited to submit position papers to be shared with all. Such position papers are expected to address security metrics in one of the following categories:

• Benchmarking
• Empirical Studies
• Metrics Definitions
• Financial Planning
• Security/Risk Modeling
• Visualization

Practical implementations, real-world case studies, and detailed models will be preferred over broader models or general ideas.

To participate, submit a short position paper or description of work done/ongoing. Your submission must be no longer than five(5) paragraphs or presentation slides. Author names and affiliations should appear first in/on the submission. Submissions may be in PDF, PowerPoint, HTML, or plaintext email and must be submitted to MetriCon AT securitymetrics.org.

Posted by Jon Erickson at 11:21 AM  Permalink