The model of Metricon/MiniMetricon (<a href="http://www.securitymetrics.org">http://www.securitymetrics.org</a>) might be a nice, workable model to follow and with RSA around the corner, there might be quite a few list members attending to warrant at least a "Meetup" somewhere.<br>
<br>Lyger, perhaps an "Are you going to RSA?" thread for people to use for the basis of connecting?<br><br><div class="gmail_quote">On Fri, Mar 28, 2008 at 9:11 AM, Allan Friedman <<a href="mailto:allan_friedman@ksgphd.harvard.edu">allan_friedman@ksgphd.harvard.edu</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">[If this is not the right place to discuss this, let's take it elsewhere]<br>
<br>
Given the great and increasingly dense and complex discussion on this<br>
list, I wonder whether there would be any interest in assembling for a<br>
workshop / mini-conference? I'd be happy to try to organize one here<br>
at Harvard sometime next fall. Thoughts?<br>
<br>
I feel that many of the discussions we are having here overlap or abut<br>
much of the other discussions in privacy and security. Sitting down<br>
and drawing up a clear understanding of the critical areas of<br>
dataloss, and how it impacts business and law will be helpful. Is this<br>
redundant? Unnecessary?<br>
<br>
Here is my general idea, purely as a strawman.<br>
1) Probably just one day, mid fall 2008<br>
2) Some combination of panels and academic paper presentation, with a<br>
keynote and at least one breakout session<br>
3) Content: 50% academic (econ, law, tech, policy) 25% business, 25%<br>
public policy/ advocacy<br>
4) We would need to define dataloss as a reasonably coherent clump to<br>
prevent the typical privacy rehashing, or making it too broad to be<br>
useful. Also, it should be more focused than a run of the mill<br>
enterprise/organization security conference.<br>
5) Topics: breach laws, econ models, technical solutions,<br>
understanding liability, metrics and quant<br>
6) Ideally, the workshop could be summarized to produce a research<br>
agenda and/or a policy agenda<br>
7) In my experience, breakout discussion sessions can be very<br>
productive in knowledge distillation.<br>
<br>
If this is not a horrible idea, who would be interested in attending?<br>
Speaking or presenting research? Helping organize? Vendor<br>
participation or sponsorship?<br>
<br>
allan<br>
<br>
Allan Friedman<br>
PhD Candidate, Public Policy<br>
Kennedy School of Government<br>
Fellow, Center for Research in Computation and Society<br>
School of Engineering and Applied Sciences<br>
Harvard University<br>
_______________________________________________<br>
Dataloss Mailing List (<a href="mailto:dataloss@attrition.org">dataloss@attrition.org</a>)<br>
<a href="http://attrition.org/dataloss" target="_blank">http://attrition.org/dataloss</a><br>
<br>
Tenable Network Security offers data leakage and compliance monitoring<br>
solutions for large and small networks. Scan your network and monitor your<br>
traffic to find the data needing protection before it leaks out!<br>
<a href="http://www.tenablesecurity.com/products/compliance.shtml" target="_blank">http://www.tenablesecurity.com/products/compliance.shtml</a><br>
</blockquote></div><br><br clear="all"><br>-- <br>B.K. DeLong (K3GRN)<br><a href="mailto:bkdelong@pobox.com">bkdelong@pobox.com</a><br>+1.617.797.8471<br><br><a href="http://www.wkdelong.org">http://www.wkdelong.org</a> Son.<br>
<a href="http://www.ianetsec.com">http://www.ianetsec.com</a> Work.<br><a href="http://www.bostonredcross.org">http://www.bostonredcross.org</a> Volunteer.<br><a href="http://www.carolingia.eastkingdom.org">http://www.carolingia.eastkingdom.org</a> Service.<br>
<a href="http://bkdelong.livejournal.com">http://bkdelong.livejournal.com</a> Play.<br><br><br>PGP Fingerprint:<br>38D4 D4D4 5819 8667 DFD5 A62D AF61 15FF 297D 67FE<br><br>FOAF:<br><a href="http://foaf.brain-stream.org">http://foaf.brain-stream.org</a>