On Monday, April 7 (just before the RSA Conference), Securitymetrics.org members (about 40 information security professionals) gathered in San Francisco for a semi-formal workshop, called “Mini-Metricon”. (Our formal workshops are called “Metricon”.) This is the second Mini-Metricon, and was a big step up from last year’s excellent first event. Great presentations, great participation, and, best of all, really substantive discussions about key issues and alternative approaches. I’ll come back to this post and add more specific highlights and takeaways.

I will be attending the Workshop on Economics of Information Security, June 26-28, held at Dartmouth. Anybody who is anybody in economics of InfoSec will be there, with a focus on leading edge problems, theories, and results. While it’s primarily academic, there are plenty of practitioners and empirical studies. Here’s the conference web site.

I just sent my comments to the European Network and Information Security Association (ENISA) activity titled “Analysing Barriers and Incentives for Network and Information Security in the Internal Market for e-Communication”. Here’s their web site. Comments are requested until May 30, and can come from anyone, not just EU citizens.

Of course, my comments and recommendations focused on support for the incentive-based approach.

What’s important about this activity is that it is being guided by analysis and insights from the economics of information security. This is a sea change from past government and regulatory approaches.

I’ll be going to Switzerland July 6-11 for a workshop on the multidisciplinary aspects of information security, hosted by the Center for Interdisciplinary Studies in Information Security at Ecole Polytechnique Fédérale de Lausanne. This invitation-only event is being held at a conference center at Monte-Verita, Ascona, Switzerland. It should be great, with a small group of world-class thinkers from different disciplines, with nothing else to do over five days but to bash ideas together and see what comes out. 

Here’s the conference description.

Drop me a line if you are going or will be in the area. I’m still working out my itinerary.

I recently sent this recommendation letter to the non-partisan Commission on Cyber Security for the 44th Presidency. My letter provides recommendations on US Government action to jump-start and promote an R&D Initiative for Incentive-based Cyber Trust. I encourage knowledgeable readers to submit your ideas and recommendations, too.
