CFP workshop on information security system rating and ranking

[InfoSec News <isn () C4I ORG>]

---------- Forwarded message ----------
Date: Fri, 16 Feb 2001 00:36:33 -0500
From: ACSAC Publicity <ACSAC_announce.owner () acsac org>
To: Recipient List Suppressed:  ;
Subject: CFP workshop on information security system rating and ranking

                           Call for Participation

FIRST WORKSHOP ON INFORMATION SECURITY SYSTEM RATING AND RANKING
(commonly but improperly known as "Security Metrics")


Williamsburg, Virginia,  May 21-23, 2001

Sponsored by: Applied Computer Security Associates (ACSA) and
The MITRE Corporation

After more than 20 years of effort in "security metrics," the
evolution of product evaluation criteria identification, Information
Assurance (IA) quantification, and risk assessment/analysis
methodology development, has led to the widespread need for a single
number or digraph rating of the "security goodness" of a component or
system.

Computer science has steadily frustrated this need--it has neither
provided generally accepted, reliable measures for rating IT security
nor has it applied any measures for security assurance.  The goals of
this workshop are to recap the current thinking on "IA metrics"
activities and to formulate a path for future work on IA
rating/ranking systems.  Topics will include identifying workable
successes or capturing lessons learned from our failures, clarifying
what is measurable, and the addressing the impact of related
technology insertion.  The expected workshop result is the
determination of "good" indicators of the IA posture of a system.
The workshop will serve as a forum for group discussion, with topics
determined by the participants.

Submission of a 4-to-5-page position paper is required for workshop
attendance.

For further information, please see:  www.acsac.org/measurement

Deadline for submission of papers: March 30, 2001.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".