Metricon 3.0
Metricon 3 Digest is here. Thanks to Dan Conway for compiling it.

Agenda


Tuesday, 29 July 2008, San Jose, California

8:00: Breakfast in room

8:45am : Welcome words / housekeeping details - Dan Geer

Four grouped sessions to follow; each has three at-most-20 minute presentations of ideas followed by 30 minutes of reaction from discussants and general interaction with all MetriCon attendees.

Breaks are short as is life.

Lunch, which is in-room, is long enough but no longer.

Dinner, which is in-room, is as long as people want though there is nothing "to do" that is more important than making the very utmost of the day and thus keeping at it until late.

Any and all electronic materials that presenters or attendees wish to provide will be available online at the meeting and a digest account of all that transpires will be made available to all (and eventually published).

There is both a lot to cover and the time to do it.

9:00am-10:30am - Models proposed and derived

Thomas Heyman & Christophe Huygens : Using Model Checkers to Elicit Security Metrics Slides

Adam O'Donnell : Games, Metrics, and Emergent Threats Slides IEEE S&P Article

Fred Cohen : Bringing Clarity to Security Decision Making Using Qualitative Metrics in 2 Dimensions Slides

Discussants: Lloyd Ellam & Elizabeth Nichols

10:30am-10:45am break

10:45am-12:15pm - Tools and their application

Yolanta Beresnevichiene : Metrics Driving Security Analytics Slides

Alain Mayer : Security Risk Metrics: The View From the Trenches Slides

Sandy Hawke : How to Define and Implement Operationally Actionable Security Metrics Slides

Discussants: Gunnar Peterson & Andrew Jaquith

12:15pm-1:30pm - In-room lunch, the final 30 minutes jointly from

Jennifer Bayuk : Comparing Metrics Designed for Risk-Management with Metrics Designed for Security Slides

Discussant: Bryan Ware

1:15pm-1:30pm break

1:30pm-3:00pm - Scoring results and methods

James Walden : Code Complexity and Static Analysis Slides

Karen Scarfone : Evidence-Based, Good Enough, & Open Slides Handout

Arshad Noor : Identity Protection Factor Slides Handout

Discussants: Fred Cohen & Dan Conway

3:00pm-3:15pm break

3:15pm-4:45pm Enterprise plans and lessons learned

Caroline Wong : eBay's Metrics Program Slides

Clint Kreitner and Elizabeth Nichols : CIS Security Metrics & Benchmarking Program Kreitner Slides Nichols Slides CIS Handout

Kevin Peuhkurinen : Great-West's Metrics Program Slides

Discussant: Dan Geer

4:45pm-5:00pm break

5:00pm-5:45pm - Perimeters are the simplest possible thing to measure, right?

Sandeep Bhatt : Metrics-Based Firewall Management

Avishai Wool : Firewall Configuration Errors Revisited Slides

Discussant: Bob Blakley

ADDITIONAL MATERIALS Courtesy of George Cybenko, Article to Appear

5:45pm : Minimalist closing remarks - Dan Geer

6:00pm-whenever : Drinks, dinner, further talk

Drinks & dinner in room, and whatever happens next -- which it is hoped includes lessons learned, volunteers for further episodes of MetriCon, ideas on how we can best further support ourselves jointly, etc. Perhaps we will have someone stand up and lead such a discussion; consider that part of the program still fluid.

The original call for papers.
