---------- Forwarded message ----------
Date: Fri, 16 Feb 2001 00:36:33 -0500
From: ACSAC Publicity <ACSAC_announce.owner@acsac.org>
To: Recipient List Suppressed: ;
Subject: CFP workshop on information security system rating and ranking
Call for Participation
FIRST WORKSHOP ON INFORMATION SECURITY SYSTEM RATING AND RANKING
(commonly but improperly known as "Security Metrics")
Williamsburg, Virginia, May 21-23, 2001
Sponsored by: Applied Computer Security Associates (ACSA) and
The MITRE Corporation
After more than 20 years of effort in "security metrics," the
evolution of product evaluation criteria identification, Information
Assurance (IA) quantification, and risk assessment/analysis
methodology development, has led to the widespread need for a single
number or digraph rating of the "security goodness" of a component or
system.
Computer science has steadily frustrated this need--it has neither
provided generally accepted, reliable measures for rating IT security
nor has it applied any measures for security assurance. The goals of
this workshop are to recap the current thinking on "IA metrics"
activities and to formulate a path for future work on IA
rating/ranking systems. Topics will include identifying workable
successes or capturing lessons learned from our failures, clarifying
what is measurable, and the addressing the impact of related
technology insertion. The expected workshop result is the
determination of "good" indicators of the IA posture of a system.
The workshop will serve as a forum for group discussion, with topics
determined by the participants.
Submission of a 4-to-5-page position paper is required for workshop
attendance.
For further information, please see: www.acsac.org/measurement
Deadline for submission of papers: March 30, 2001.
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Mon Feb 19 01:05 CST 2001