Monday, April 30, 2012

Metricon 7 Call for Papers

This is a Call for Papers (CFP) for Metricon 7.

Key stats first:

  • Conference date: August 7, 2012
  • CFP deadline: May 31, 2012
  • Conference location: Bellevue, WA
  • Cost to attend: free (but you’d need to add value to discussions).

CFP follows below and can be found at SecurityMetrics site.

Metricon 7 - Security Metrics: Useful or Bust!!

How to define, generate, and communicate security metrics you can use TODAY!

This year, Metricon 7.0 is excited to issue a call for participation to the information security community. The event will occur August 7th 2012 collocated with USENIX in Bellevue, WA.

Given that this is the 7th event, we think it is time to finally say it: security metrics MUST be useful NOW! Thus, the focus this year is on useful and usable metrics – not conceptual and theoretical stuff that sounds great, but cannot and will not be used in today’s organizations. Also, presentations and panels that talk about “How?” and “What?” will be strongly prioritized over “Why?”(and “whine”). Enterprises and tool vendors are both welcome to present! Academic researchers tacking the real-world problems are welcome as well.

We want to see:
• How you achieved “quick wins” with security metrics?
• How you define useful metrics, whether risk or operational?
• What metrics you track are the most useful?
• How did you solve a particular challenge in security metrics area?
• How your tool helps (not “can help”!) with collecting and analyzing security metric data?
• Who gets the metrics you create? How do they use them?
• What metrics you use to determine that security controls are effective?
• How organization generate actionable advice from security metrics?
• How to track that your security is improving using metrics?

We do not want:
• Uncollectable and unusable metrics
• Metrics philosophy
• Uncooked metrics that sound vaguely “interesting”

Send submissions and your ideas for panels and presentations to

Deadline for presentation and talk submissions is May 31st, 2012. Submissions should be sent to

Monday, April 02, 2012

Monthly Blog Round-Up – March 2012

Here is my next monthly "Security Warrior" blog round-up of top 5 popular posts/topics this month:
  1. Simple Log Review Checklist Released!” is often at the top – the checklist is still a very useful tool for many people
  2. Updated With Community Feedback SANS Top 7 Essential Log Reports DRAFT2”, “SANS Top 5 Essential Log Reports Update!” and their predecessor  “Top5 SANS Log Reports Update DRAFT” also show up close to the top. IF YOU WANT TO VOLUNTEER TO FINISH THIS DOCUMENT- PLEASE EMAIL ME!
  3. My classic PCI DSS log review series is still on my Top 5: “Complete PCI DSS Log Review Procedures”; they are also useful for other compliance or security log review and log monitoring.
  4. On Free Log Management Tools” is a companion to the checklist below (updated version)
  5. On Choosing SIEM” is about the least wrong way of choosing a SIEM tool – as well as why the right way is so unpopular.
In addition, I’d like to draw your attention to a few posts from my Gartner blog:
  1. “Big Analytics” for Security: A Harbinger or An Outlier?
  2. Many Faces of Application Security Monitoring
  3. More on Application Security Monitoring
  4. Cloud Security Monitoring for IaaS, PaaS, SaaS
  5. More On Security Monitoring of Public Cloud Assets
  6. Is Cloud Secure? WTFC!
  7. Cloud Security Monitoring!
  8. Cloud Security Monitoring: IaaS Conundrum
  9. Cloud IS Different: So Monitoring Must Be Different?
Also see my past monthly and annual “Top Posts” – 2007, 2008, 2009, 2010, 2011.

Disclaimer: all this content was written before I joined Gartner on Aug 1, 2011 and is solely my personal view at the time of writing. For my current security blogging, go here.

Dr Anton Chuvakin