34th International Workshop on Global Security

CISQ is a proud sponsor of the 34th International Workshop on Global Security. Speaking from CISQ is Paul Bentz, Director of Government and Industry Programs in Europe. Visit the Center for Strategic Decision Research website at http://csdr.org/.

 

 

Venue: Hôtel National des Invalides in Paris, France

Theme: Global Security in the Age of Hacking and Information Warfare: Is Democracy at Stake?

Workshop Chairman & Founder: Dr. Roger Weissinger-Baylon, Co-Director, Center for Strategic Decision Research

Honorary Chairman: Lieutenant General Bernard de Courrèges d’Ustou, Director, Institut des hautes études de défense nationale

Presented by: Center for Strategic Decision Research (CSDR) and Institut des hautes études de défense nationale (IHEDN), within the French Prime Minister’s organization

Principal Sponsors: French Ministry of Defense, North Atlantic Treaty Organization – Public Diplomacy, United States Department of Defense – Office of the Director of Net Assessment, Cisco Systems

Major Sponsors: Fujitsu, McAfee, MITRE, CISQ, Area SpA

Associate Sponsors: AXA

 

CISQ SPEAKER

Mr. Paul Bentz

Director of Government and Industry Programs

Consortium for IT Software Quality

 

 

Code Quality Standards Highlighted in U.S. State Department CSM (Consular Systems Modernization) Project

Here is a link to the U.S. State Department, Office of Acquisitions, Consular Systems Modernization (CSM) project.

 

CISQ was co-founded by the Object Management Group (www.omg.org), a technology standards organization, and the Software Engineering Institute (SEI) at Carnegie Mellon University (sei.cmu.edu), a Federally Funded Research and Development Center (FFRDC), to develop standards for automating the measurement of software size and structural quality. CISQ has introduced standards that are now “acquisition-ready” for managing system “-ilities” – security, reliability, performance efficiency, and maintainability – from system source code. In October 2017, CISQ also introduced a new OMG standard for measuring technical debt, which is a useful metric in the IT modernization and security discussion.

 

From the State Dept CSM acquisition doc on page 23, section C.4.2:

 

“The contractor shall adhere to CST application coding standards intended to assist in creating code that is free of critical quality defects and is highly maintainable.”

 

CST = Consular Systems and Technology

 

“CST will employ a Software Code Review process by which it will analyze all source code by measuring application level code quality and code assurance across the portfolio of COTS configurations and custom developed software. CST will also employ Software Code Quality (SCQ), an analysis that will evaluate application risk around robustness (stability, resiliency), performance, architectural security, transferability, system maintainability (sustainment) and changeability of applications as they evolve. These measurements are based upon industry best practices and standards related to complexity, programming practices, architecture, database access and documentation. They are derived from standards bodies such as the International Organization for Standardization (ISO), Software Engineering Institute (SEI), Object Management Group (OMG) and the National Institute of Standards and Technology among others.”

 

 

 

 

CISQ Metrics in GSA Schedule 70 Blank Purchase Agreement for IT and Development Services

Federal IT Acquisition Example Citing CISQ Metrics

CISQ has been referenced by the U.S. General Services Administration (GSA), which formally cites CISQ requirements in an Information Technology (IT) statement of work from the Office of the CIO for the Office of Public Buildings. GSA is an independent agency of the U.S. government that supports general services of Federal agencies. See page 21, section 5.9 in GSA’s document, Schedule 70 Blank Purchase Agreement for IT and Development Services, citing CISQ…

 

“PB-ITS (Project Based IT Services) is seeking to establish code quality standards for its existing code base, as well as new development tasks. As an emerging standard, PB-ITS references the Consortium for IT Software Quality (CISQ) for guidance on how to measure, evaluate and improve software.”

 

CISQ Webinar: New Automated Technical Debt Standard

Speaker: Dr. Bill Curtis, Executive Director, CISQ

Date: January 16, 2018 from 11:00am – 11:30am ET (check your time zone)

 

The CISQ measure of Automated Technical Debt has just been approved by the OMG® for finalization as a standard for measuring the future cost of defects remaining in system source code at release. The effects from Technical Debt can hinder innovation and put businesses at unacceptable levels of risk, including high IT maintenance costs, outages, breaches, and lost business opportunities.

 

In this webinar, Dr. Bill Curtis will introduce the new Technical Debt measure and outline how the specification is composed. He will present a full picture of the Technical Debt metaphor and how it can be used to communicate IT issues to the business. The measure is ready to be used by vendors of static code analysis (SCA) tools that detect violations of good coding and architectural practice in software. He will present a process for steadily reducing Technical Debt in critical business applications. Business leaders will learn how to use the measure to manage and reduce IT risk.

 

Cyber Resilience Summit Agenda Published for October 19

Featured speakers from DHS, NSA, DoD, Navy and Marines

 

Needham, MA – September 25, 2017 – The Consortium for IT Software Quality™ (CISQ™) today announced that the agenda is published and registration is open for its fourth annual Cyber Resilience Summit. CISQ is co-hosting this full-day event with the IT Acquisition Advisory Council (IT-AAC) at the Army Navy Club in Arlington, Virginia, on October 19, 2017.

 

The current executive agenda for Federal IT seeks to modernize legacy systems by maximizing the use of commercial innovation, commercial standards and commercial best practices. Public officials, standards bodies, IT communities of interest, and leaders from industry will discuss the digital transformation and the practical application of systems engineering to ensure success in these goals.

 

Speakers from U.S. Federal Government and industry will address how federal agencies are modernizing and securing legacy systems to combat cyber threats and improve digital services for their constituencies. Sessions include:

  • Keynote panel with Tony Scott, former Federal CIO under President Barack Obama, and Mr. Greg Smithberger, CIO and CTO of the National Security Agency
  • Keynote: Defense Cyber Way Forward by Dr. Theresa Lang, Deputy Director, Navy Cybersecurity/Deputy Director, Department of the Navy Deputy Chief Information Officer
  • Titans of Cyber Panel: Policy and Directives for Modernizing and Securing Legacy IT Topics: FITARA, MGT Act, Executive Order for Cyber Security
  • Standards to Measure and Manage Security, Resilience and Technical Debt
  • Titans of Cyber Panel: Best Practices and Innovations for Rapid, Secure Modernization
  • Supply Chain and Integration Risk Management

Confirmed speakers and panelists include:

  • Bill Curtis, Consortium for IT Software Quality Executive Director
  • John Weiler, IT Acquisition Advisory Council Vice Chair
  • Jeffrey Eisensmith, CISO, DHS OCIO
  • Sara Mosley, Acting Director for the Office of the Chief Technology Officer, DHS CS&C
  • Jack Wilmer, Cyber lead for American Technology Council, White House OSTP
  • Ken Bible, Deputy CIO, U.S. Marine Corps
  • Jose Arrieta, Director, Office of IT 70 Schedule Contract Operations at GSA
  • Brigadier General (ret) Greg Touhill, former U.S. CISO and current President of Cyxtera Federal Group
  • Matt Conner, CISO of the National Geospatial Agency
  • Emile Monette, Senior Cybersecurity Strategist and Acquisition Advisor, DHS Continuous Diagnostics and Mitigation Program
  • Shon Lyublanovits, IT Security Category Manager and Director of the Security Services Division for the Office of Integrated Technology Services in the GSA Federal Acquisition Service
  • Dave Duma, Acting Director of Operational Test & Evaluation at the Department of Defense
  • Joe Jarzombek, Global Manager, Synopsys Software Integrity Group
  • Edward E. Amoroso, CEO of Tag Cyber LLC
  • Ron Ross, Computer Scientist and Fellow, NIST
  • Roberta Stempfley, Director of SEI’s CERT Division
  • Herb Krasner, University of Texas at Austin (ret.), Texas IT Champion

 

The complete agenda and registration information is online.  Registration is open to the public and costs $250 USD. Admission for government officials and media is complimentary with pre-registration by October 18.

 

The event is sponsored by Booz Allen Hamilton, CAST, CGI, Cognizant, ISHPI Information Technologies and Synopsys.

 

About the Event Hosts

The Consortium for IT Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group® (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon University, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. For more information, visit www.it-cisq.org.

 

The IT Acquisition Advisory Council (IT-AAC) is a public/private “do tank” composed of leading IT public interest groups, standards bodies and government agencies working together to fundamentally transform how the government acquires and manages IT and Cyber solutions. As the “architect of FITARA”, we are ushering in agile standards of practice and innovations emanating from the $4T Global IT market. www.it-aac.org

 

###

Note to editors: Object Management Group and OMG are registered trademarks of the Object Management Group.  For a listing of all OMG trademarks, visit http://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.

CISQ Announces Cyber Resilience Summit on October 19, 2017 in Virginia

Needham, MA – September 8, 2017 – The Consortium for IT Software Quality™ (CISQ™) today announced that registration is open for the fourth annual Cyber Resilience Summit to be held at the Army Navy Club in Arlington, Virginia on October 19, 2017.

 

Federal agencies are actively modernizing and securing legacy systems to combat cyber threats and improve digital services for their constituencies. The Cyber Resilience Summit will distill standards and best practices from the cyber standards community for building and acquiring secure and resilient software. Mr. Tony Scott, former Federal CIO under President Barack Obama, and Mr. Greg Smithberger, CIO and CTO of the National Security Agency, will kick off the program. Speakers from government and industry will cover the following topics: risk-managed digital transformation, the practical application of systems engineering to support agile acquisition, cloud readiness, big data, technical debt control, and cyber risk management of complex mission, C2, weapon and citizen-facing systems.

 

VENUE: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA

 

WHEN: Thursday, October 19, 2017 from 8:00am – 4:00pm

 

COST: Complimentary for government employees and media. Select “Special” under Payment Type and enter the code CISQGOV17 for government employees and CISQP17 for media at registration. The fee is $250 USD for non-government employees. Registration includes refreshments and lunch.

 

HOSTS: Consortium for IT Software Quality in cooperation with the Object Management Group® (OMG®) and IT Acquisition Advisory Council (IT-AAC)

 

“CISQ is active in driving IT policy in state and local government,” says Dr. Bill Curtis, Executive Director, CISQ. “Code quality standards have been cited in a U.S. General Services Administration statement of work for new Information Technology and Development Services (ITDS) contracts. Herb Krasner, a member of the CISQ Advisory Board, led new Texas state legislation to improve the oversight and performance of large state IT projects (http://it-cisq.org/measuring-it-project-performances-in-texas-house-bill-hb-3275-implications/). And the U.S. State Department cited software quality requirements in a large Consular Systems Modernization project.” “We look forward to this event to connect with Federal IT leaders tasked with getting the job done right.”

 

For more on CISQ’s work, visit www.it-cisq.org/cyber-resilience.

 

About CISQ

The Consortium for IT Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon University, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. The event is sponsored by Booz Allen Hamilton, CAST, CGI, Cognizant, Ishpi Information Technologies and Synopsys. For more information, visit www.it-cisq.org.

 

Jaarcongres Innovatie & Transformatie hosted by ICT Media

Date: September 19, 2017

Venue: NBC Congrescentrum, Blokhoeve 1, 3438 LC Nieuwegein, Netherlands

Website: http://www.innovatietransformatie.nl/

 

Paul Bentz, CISQ Director of Government and Industry Programs, will lead a panel discussion, “Measuring software assets to support innovation: the importance of standards.”

 

 

From the ICT Media website:

 

Technological, economic and social developments demand from organizations a change force that exceeds the competences of the traditional IT department. However, the IT function can play a crucial role within the organization of the future. This calls for leadership, governance, digital, security, speed, and ecosystems. During the Annual Congress Innovation and Transformation we outline the contours of the future organization.

 

Leadership – Much more than a matter of purely technological choices, the process of digitalization is a strategic organizational issue. That requires leaders with vision, conviction and power. What are the characteristics of contemporary leadership? How can the CxO shape digitization?

Digital and data – More and more organizations embrace the idea of data and information as the basis for digital renewal. In that, AI and robotization cannot really be missed. And blockchain is more than the underlying virtual currency system. The art is, however, individual and self-initiating initiatives in parts of a larger whole. That calls for a holistic view of digital assets. How do you get that done?

Security, Privacy and Compliance – Security and data privacy are important pillars of enterprise continuity. Software may contain many vulnerabilities, but the human being is the weakest link in the security chain. How can organizations enforce safe work without compromising user experience and productivity?

Speed – In order to innovate faster, more and more companies and institutions choose a bi- or even trimodal approach: in addition to traditional, operational IT, digital innovation is set apart. How far can you pass this? What is productive? Should not the ‘run’ be in the acceleration?

In addition to technology, innovation and transformation in the digital age thus relies on the (re)shaping of the entire organization. There is no standard model for this, but CxOs have a range of possibilities that can be productive. The main issues are discussed during the Annual Congress Innovation and Transformation.

 

Gartner Application Strategies & Solutions Summit 2017

Date: December 4-6, 2017
Venue: Caesars Palace, Las Vegas, NV
Website: http://www.gartner.com/us/apps
Special rate: CISQ members save $300 off standard registration. Apply the code GARTCISQ at registration.

 

Accelerate Engagement, Drive Customer Experience and Deliver Digital Business Innovation

 

Gartner Application Strategies & Solutions Summit will address how to build an applications organization with the agility and flexibility to support today’s digital business demands. Empower your entire enterprise to address digital business opportunities and use leading-edge technologies to create and deploy business critical solutions.

 

Explore four in-depth programs tailored to the changing mission-critical priorities of application, IT and CX leaders. New this year, Gartner’s exclusive Senior Executive Circle provides a forum for best practices, strategies and tactics of forward thinking senior IT/application leaders, and offers exclusive roundtable sessions and networking opportunities.

 

2017 Agenda Programs & Themes

Additionally, explore hot topics across the event with deep-dives into cloud, advanced technologies and digital workplace.

 

HACK New York City 2018

 

“The most innovative and disruptive speakers”

 

The HACK NYC Executive Summit, an exclusive gathering of more than 50 top industry executives and security industry leaders, ignites open conversations and “think tank” style breakout sessions. This full day of discussions is unique to Black Hat and provides unmatched opportunities for networking and learning.

 

Software and Supply Chain Assurance (SSCA) Winter Forum 2017

Location: MITRE-1, 7525 Colshire Drive, McLean, VA 22102

https://register.mitre.org/ssca/

 

Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance (SSCA) Forum and Working Groups provide a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective mitigation strategies, and any gaps related to the people, processes, or technologies involved.

 

The effort was initiated in 2003 as a Department of Homeland Security (DHS)-sponsored Cross-Sector Cyber Security Working Group (CSCSWG), established under the auspices of the Critical Infrastructure Partnership Advisory Council (CIPAC), which provides a legal framework for public-private collaboration and participation.

 

Originally called the Software Assurance (SwA) Forum and Working Groups, its purpose was to bring together a stakeholder community to protect the Nation’s key information technologies, most of which are enabled and controlled by software. The community evolved and broadened the scope to include additional focus on the supply chain and is currently co-sponsored by DHS, the Department of Defense (DoD) Office of the Secretary of Defense, Government Services Agency (GSA), and the National Institute of Standards and Technology (NIST).

 

SSCA events are held quarterly and are free and open to the public. In general, Summer and Winter sessions are intended for working group-type discussions while the Spring and Fall sessions are reserved for more traditional forum presentations. Interaction is always encouraged.

 

To receive information about upcoming meetings and related activities, please sign up for the sw.assurance mailing list, operated by NIST, by sending a blank email to sw.assurance-join@nist.gov