ISSA Sacramento Chapter Meeting, Friday, 9/17/2021, 11:30a-1:00p

Although we had planned to offer a hybrid meeting this month (both in-person and on-line), we lost our venue for the in-person meeting on short notice. So, this month we will again have an entirely on-line meeting and we hope to be able to offer a hybrid meeting in October.

Location: Zoom. Meeting details will be emailed to everyone who registers for the meeting (see below) at least an hour before the meeting starts at 11:30am PDT. (If you register later than 10:30am the day of the meeting, or fail to register at all, you may not get the Zoom meeting details, so be sure to register!)

Speaker: Dr. Mark Heckman, ISSA Sacramento Valley Chapter President

Speaker Bio: Mark Heckman has worked in the field of information security for over 30 years as an engineer, researcher, practitioner, and educator. His wide-ranging career has spanned many areas of information security, including research and development of very high-assurance, multi-level secure systems for use in government and the military, research and development of intrusion detection and security event management systems, and general IT security and compliance for commercial organizations in the financial and health industries. Heckman earned his M.S. and Ph.D. degrees in Computer Science at the University of California, Davis and is a Certified Information Systems Security Professional (CISSP). He is currently a Professor of Practice and teaches in the Cyber Security Engineering and Technology program at the University of San Diego.

Topic: Can We Measure Cyber Security? The slides can be found here

Description: A number of years ago, I was at a cyber security conference where the keynote speaker, a somewhat well-known journalist and author at the time who shall remain nameless, told the assembled security professionals that he had no respect for our field because we couldn't measure it. I met up with him briefly one-on-one afterward to defend the practice of cyber security, but quickly realized that he was right: we can't directly measure security! And that isn't for lack of trying: Ten years ago, for example, DARPA spent a lot of money in research grants looking for ways to accurately measure security, and that research resulted in ... basically nothing. But if we can't measure security, how can we tell that what we do has any value, and how can we claim that what we do has anything to do with engineering? Even if we can't directly measure security, there are techniques for indirectly assessing and evaluating system security (some you may know, others might be new to you), and I'll survey those techniques in this talk, along with the strengths and weaknesses of each. I may still not have an answer for that long-ago keynote speaker, but at least I can argue that what we do is based on engineering, not just on intuition.

Friday, September 17, 2021 - 11:30am to 1:00pm
