Salsa-CSI2 Call - June 21, 2007

Salsa-CSI2 Conference Call
June 21, 2007

**Attending**
Chris Misra, University of Massachusetts (Chair)
Doug Pearson, Indiana and REN-ISAC
Phil Denault, Worcester Polytechnic Institute
Mark Poepping, Carnegie Mellon University
Brian Smith-Sweeney, New York University
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)

**Action Items**
[AI] {Chris} will talk to Renee Frost to determine if any other working groups or other activities may be discussing security metrics.
[AI] {Chris} will follow-up with individuals interested in joining the CSI2 working group.

**Security Metrics**
There is an increased interest in developing security metrics, driven by a desire to measure the impacts of security expenditures on organizations, and in turn to support business cases and budget justifications. A CSI2 effort could focus on a tool set to help develop meaningful data. In addition, REN-ISAC may be interested in data and metrics concerning the higher-ed sector as a whole. The challenge will be to develop meaningful metrics demonstrating how security efforts help manage and protect important campus assets. Using darknet data and/or firewall logs may be a start.

There was also discussion about determining whether there are security performance metrics in areas outside of higher education that CSI2 could leverage for its own use. Another approach may be to develop two sets of numbers addressing these questions: 1) how bad are things in the world at large and 2) how bad are things at my institution? REN-ISAC may be a starting point for the first question, developing a standard against which to measure an institution.

Another approach may be to list where the work comes from for security professionals, then determine what metrics may apply to those areas. Some areas that generate such work are incidents and incident response, policy and auditors. The challenge will remain to map this to value/ROI.

[AI] {Chris} will talk to Renee Frost to determine if any other working groups or other activities may be addressing these or similar issues.

**Data hashing**
Chris has a student working part-time for the summer building code to do some of the data hashing, as discussed at the March Cambridge meeting. The student has already provided a set of code.

**New members in CSI2**
A couple of individuals have expressed an interested in joining the CSI2 group.

[AI]{Chris} will follow-up with those people. If anyone knows of others, please contact Chris.

**RENOIR**
Doug has a line on a potential linkage to RENOIR. More to come on this.

**Wiki**
SteveO has moved the wiki to Internet2’s federated wiki platform: spaces.internet2.edu. The front page of the wiki and the blog (aka “news”) will be world-visible, but portions of the wiki will be restricted to CSI2 members. Working group members need to request write access for the new wiki. Instructions are contained in an e-mail about this SteveO sent out to the list June 20.

**Next call July 18, 2007**