Cyber Resilience Summit: Measuring and Managing Software Risk, Security and Technical Debt

Save the Date! June 6 Cyber Resilience Summit in Brussels

 

Building on the momentum and uptake of the well-attended Washington, DC Cyber Resilience Summit program, the Consortium for IT Software Quality is planning to extend the program to Europe, to take place on June 6, 2017 in Brussels. The Summit theme is “Measuring and Managing Software Risk, Security and Technical Debt.” All are invited to attend this important IT leadership event, which draws on best practices for security and resiliency and shares the latest strategic thinking from innovative American and European CIOs and IT policy makers. Participants from the US DoD, NATO and the European Commission have been invited, and a senior European policy maker has been invited to keynote.

 

Program discussion points:

  • Managing security and risk with software measurement
  • Applying standard quality metrics to internal benchmarking, vendor agreements, and governance
  • Outcome-based contracts and service level agreements
  • Using software quality standards to comply with regulations
  • Positioning software measurement as a support mechanism for your team while prioritizing actions for business
  • Managing system complexity from a technology and architectural standpoint

 

Meeting Location:
Radisson Blu Royal Hotel
Rue du Fossé-aux-Loups 47
Wolvengracht 47
1000 Brussels, Belgium

 

We hope to see you in June! To save your seat, REGISTER HERE!

 

For members and friends in the United States:

 

Registration is open for the March 21 Washington DC Cyber Resilience Summit at the Hyatt Reston Town Center. The event is emceed by Don Davidson, Chief of Lifecycle Risk Management & Cybersecurity/Acquisition, U.S. Department of Defense.

 

For information on speaking opportunities, registration and sponsorship, contact:

 

Tracie Berardi

Program Manager

tracie.berardi@it-cisq.org

781-444-1132 x149

Cyber Resilience Summit: Securing Systems inside the Perimeter

Topic: Improving System Development and Sustainment Outcomes with Software Quality and Risk Measurement Standards

 

Hosted by: Consortium for IT Software Quality (CISQ) in cooperation with Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)

 

Date: Tuesday, March 21, 2017, 8:00am – 12:30pm

 

Location: Hyatt Reston Town Center, 1800 Presidents Street, Reston, VA 20190

 

RSVP: The event is sold out! Contact Tracie Berardi, tracie.berardi@it-cisq.org or 781-444-1132 x149

As the journey to secure our nation’s IT cyber infrastructure gains momentum, it is important to apply proven standards and methodologies that reduce risk and help us meet objectives for acquiring, developing and sustaining secure and reliable software-intensive systems. The theme of our upcoming Cyber Resilience Summit is Securing Systems inside the Perimeter. Defending the network is NOT enough. The most damaging of system failures and security breaches are caused by vulnerabilities lurking inside the network at the application layer.

 

The discussion will focus on meeting assurance-driven objectives, digital transformation, and cyber risk measurement at scale. We’ll discuss risk-managed evolution and practical application of systems engineering to support cloud readiness, big data, technical debt control and risk management of complex mission, C2, weapon and citizen-facing systems.

 

This very important topic has drawn a large crowd! 300 attendees have registered from the White House, OMB, DoD, DHS, NSA and several Federal agencies.

PROGRAM AGENDA

7:45am Registration Desk and Refreshments
8:00am Welcome to the Cyber Resilience Summit
– Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
– John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)
– Marc Jones, Director of Public Sector Outreach, Consortium for IT Software Quality (CISQ)
– Don Davidson, Chief, Lifecycle Risk Management & Cybersecurity/Acquisition, U.S. Department of Defense
8:20am Keynote: What’s Holding Us Back? – Maj Gen Dale Meyerrose (Download presentation PDF)
Dr. Dale Meyerrose, Major General, U.S. Air Force retired, was the first President appointed, Senate-confirmed chief information officer and information sharing executive for the U.S. Intelligence Community.
8:50am Advances in Measuring the Security and Architectural Integrity of Mission-Critical Systems (Download presentation PDF)
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
9:20am Modernizing and Securing Legacy IT Systems
A review of the Presidential Executive Order for Cyber Security and Modernizing Government Technology Act (Meeting Handout)
Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

Speakers:
– Dr. Mitch Crosswait, Deputy Director, Net Centric and Missile Defense Systems, Operational Test and Evaluation, U.S. Department of Defense
– Dr. J. Brian Hall, Acting Deputy Assistant Secretary of Defense for Developmental Test and Evaluation
– Dave Epperson, CIO of NPPD, U.S. Department of Homeland Security
– Jason Hess, Chief, Cloud Security, Office of the Chief Information Officer (OCIO), National Geospatial-Intelligence Agency
– David McKeown, GS-15, CISSP, Chief, Cyber Security Center, Joint Service Provider, DISA
– Tony Davis, Acting Command Acquisition Executive, USCYBERCOM
10:00am Refreshment Break
10:15am Remarks from Dr. Ben Calloni, co-chair of the OMG’s Systems Assurance Task Force
10:30am Titans of Cyber: Critical Insights from the Front Lines of the Cyber Risk Management Battle

Lead: Don Davidson, Chief, Lifecycle Risk Management & Cybersecurity Acquisition, U.S. Department of Defense

 

Titans of Cyber speakers:

– Sonny Bhagowalia, CIO, U.S. Department of the Treasury
– Dr. Ray Letteer, Chief, Cyber Security Division, U.S. Marine Corps
– Dr. Ron Ross, Fellow, National Institute of Standards and Technology (NIST)
– Rod Turk, Acting CIO, U.S. Department of Commerce
– Danny Toler, Deputy Assistant Secretary, CS&C, NPPD, U.S. Department of Homeland Security (US CERT website)

11:30am Use Case: Putting CISQ Standards into Action at Agile Speed
Barry Snyder, DevOps Manager, AD&M Development Services, Fannie Mae
12:00pm The Value of Security Benchmarks and Controls (Download presentation PDF)
Curtis Dukes, Executive Vice President, Center for Internet Security
12:30pm Closing Remarks

 

THIS EVENT IS SOLD OUT!

 

SPONSORS

[Sponsor logos: CISQ event sponsors 2017]

SUPPORTING PARTNERS

[Partner logos: ADCEA-DC-17, Center for Internet Security, OWASP]

PHOTOS

[Event photos, March 21, 2017: Marc Jones and John Weiler, CISQ introduction; Dale Meyerrose, Cyber Resilience keynote; Bill Curtis; John Weiler, Modernizing and Securing Legacy IT panel; Don Davidson, Titans of Cyber panel; Barry Snyder, Fannie Mae; Curtis Dukes; Summit crowd]
Gartner Application Strategies & Solutions Summit

The Premier Event for Accelerating Engagement, Driving Customer Experience and Delivering Digital Business Innovation

 

Today’s applications are key drivers of business advantage. Application leaders are looking for ways to update their application strategy to deliver agility and stability. They need to bridge today’s application silos for greater impact and efficiencies.

 

Craft an application strategy to drive digital transformation. Explore insights from architecture, development and integration as well as employee engagement and the customer experience at the Gartner Application Strategies & Solutions Summit 2016, December 6–8, in Las Vegas, NV.

 

CISQ members save $200 off the standard rate! Use the code GARTCISQ.

 

Click here to view the agenda and register

Cybersecurity Workshop at OMG’s Technical Meeting

Cyber threats facing a nation’s critical infrastructure, mission-critical systems, or any Internet of Things (IoT) system, demand a cyber infrastructure that matches their combined enormity and complexity. Risk management solutions must be capable of understanding intricate attack patterns and assessing complex vulnerabilities to give stakeholders confidence in their system’s ability to withstand malicious attacks.

 

At the Cybersecurity Workshop, practitioners will break down the Security Engineering Lifecycle to help organizations plan for, budget, and reduce costs when building/acquiring secure and resilient software-intensive systems. Cyber experts who have written (and are writing) critical IT/software standards will share business cases where automated risk management, blended with engineering and assurance solutions, addressed key cyber risk issues and enabled real-time reaction capability.
The learning objectives of this workshop:

  • Emerging technologies that contain the cost curve for cyber development and integration
  • The costs involved for budgeting cyber architecture, Risk Management Framework (RMF) analysis, and cyber integration during system integration
  • How to efficiently maintain cyber protection with constantly evolving threats
  • Case studies that reveal the costs of integrating cyber into new systems

Attendees will be presented with business cases and practical guidance in achieving these objectives.

 

Dr. Bill Curtis, CISQ Executive Director, presents “Measuring the Cybersecurity of Software.”

 

This Cybersecurity Workshop is part of the OMG® Technical Meeting, December 5–9, 2016 in Coronado, California. The registration fee for the workshop is $149. For groups of 5+ people, the registration fee is $99. Contact tracie@omg.org for group registration. If you register for the Technical Meeting week, there is no additional fee to attend any or all of the special events.

 

View the agenda and register here

The QA Financial Forum: New York

The Harvard Club, 35 West 44th Street, New York, NY 10036, United States

 

The QA Financial Forum is the only conference focused on: Quality Assurance and Testing for Continuous App Delivery, IT Risk Management and Regulatory Compliance, Test Automation, Virtualization and the Cloud.

 

This conference is produced by www.QA-Financial.com to meet the information needs of senior IT professionals and procurement at banks, asset management companies and insurance companies.

 

See the agenda and register for this conference now.

 

You will be investing your valuable time in attending a conference where you will:

  • Hear from expert speakers from leading financial firms, including Fannie Mae, Capital One and leading investment banks and asset management companies.
  • Network with your peers — learn, exchange views and make new contacts — in the ideal central location of the Harvard Club of New York.
  • Discuss new technologies with carefully selected vendors and consultants — a chance for due diligence and exchange of information in an informal, confidential environment.

 

Paul Bentz, CISQ Director of Government and Industry Programs, is speaking on the panel, “Embedding Regulatory Compliance and Security into Software Quality Assurance.”

Texas IT Forum: A Vision for Improving the Success Rates in Texas State Agency IT Projects

The Texas IT Forum is being held in the Texas State Capitol Extension Building (E1.004) in Austin, Texas.

 

Preventing a troubled project is the approach with the lowest total cost of ownership. A starting point in creating a community consensus is identifying a small set of underlying principles that can unify and enable our strategies and approaches moving into the future. Underlying those principles is a suite of best practices that could be applied within and across Texas state agencies.

 

The Texas IT Forum brings together state legislative representatives, state agency and public sector CIOs/CTOs/IRMs, members of other key state agency organizations that monitor such projects, industry IT and software development professionals and other subject matter experts. The breakout sessions will explore potential solution areas (e.g. IT procurement, early interventions, performance measurement, software development best practices, etc.). The event is complemented by social opportunities, providing further venues for discussion and networking.

 

Dr. Bill Curtis, CISQ Executive Director, will present a plenary talk, “Future Directions in IT Procurement Metrics.”

 

This event is free. Click here to learn more and register now.

CISQ’s Automated Enhancement Points Metric Becomes Object Management Group Standard for Software Sizing

Needham, MA – October 11, 2016 – The Consortium for IT Software Quality™ (CISQ™), an IT industry leadership group that submits standards for measuring software quality and size, today announced that the Board of Directors of the Object Management Group® (OMG®) voted to approve the finalization of the Automated Enhancement Points specification. OMG is an international, open membership, not-for-profit standards consortium.

 

According to CISQ’s Executive Director, Dr. Bill Curtis, “Automated Enhancement Points improves the measurement of software size for use in productivity analysis by measuring both the functional and non-functional size of software. This is a significant advance in automated software sizing that solves problems that functional size measures have experienced in analyzing productivity during maintenance and enhancement activities.”

 

The OMG standard is available to the public for free download at http://www.omg.org/spec/AEP/.

 

This new standard for software sizing follows on the heels of the OMG standard for Automated Function Points™ written by CISQ and approved in 2013. Automated Function Points automate the functional sizing of transaction-oriented software applications.

 

The Automated Enhancement Points specification combines traditional IFPUG-based function points with a similar measure for the non-functional part of the code, to account for all the work accomplished when developers make enhancements, modifications, or deletions, regardless of whether the work is done to functional code or non-functional code.

 

With these two standards for function point analysis and software sizing, organizations can:

  • perform software quality and productivity analysis
  • enable users to determine the ROI of an application by sizing the functionality that specifically matches the requirements of their organizations
  • calibrate estimating methods against the results of past estimates
  • measure and manage contracts and agreements with system integrators and outsourcers
  • normalize data used in software benchmarks
  • determine the size of a purchased application package (COTS or customized system) by sizing all the code included in the package.

 

About CISQ
The Consortium for IT Software Quality™ (CISQ™) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. CISQ is sponsored by Booz Allen Hamilton, CAST, Cognizant, Huawei and Synopsys. For more information, visit www.it-cisq.org.

 

Contact

Ann McDonough
mcdonough@omg.org
+1 781-444-0404

 

###

Note to editors: For a listing of all OMG trademarks, visit http://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.

Cyber Resilience Summit Brings Together U.S. Government Leaders and IT Standards Experts

October 20 Summit Theme is “Ensure Resiliency in Federal Software Acquisition”

 

Needham, MA – October 3, 2016 – The Cyber Resilience Summit will be held on Thursday, October 20, 2016 at the Army Navy Country Club in Arlington, Virginia. The Summit will begin at 8:00 a.m. and end at 12:30 p.m. Registration is open to the public and costs $95 USD. Admission for government officials is complimentary.

 

The Consortium for IT Software Quality™ (CISQ™) hosts this semiannual event to brief U.S. Government leaders on cyber risk standards for ensuring quality, security, and resiliency in IT acquisition and modernization programs.

 

One of the Summit’s major themes is legacy IT modernization. In his keynote address, Dr. David Bray, CIO of the Federal Communications Commission (FCC), will discuss how the FCC prioritized cyber resilience during a period of digital transformation. He led a team of “change agents” that upgraded the FCC’s aging legacy IT, which was comprised of more than 207 different systems, to cloud computing, saving the FCC millions.

 

In addition to Dr. Bray’s keynote, the Summit will feature a “Titans of Cyber” panel, representing stakeholders from: the U.S. Department of Defense, U.S. Department of Homeland Security, U.S. Marine Corps and the U.S. Navy. They will discuss what’s being done to secure the nation’s critical IT infrastructure and will advocate for cyber risk standards in IT software development, sustainment and acquisition processes. The discussion will be led by Marv Langston, who previously served as Department of Defense Deputy CIO, Deputy Assistant Secretary of Navy for C4I, the Navy’s first CIO, and Director of the Defense Advanced Research Projects Agency (DARPA).

  • J. Michael Gilmore, Director of Operational Test and Evaluation, Office of the Secretary of Defense, U.S. Department of Defense
  • Kevin Dulany, Chief, IA Acquisition and Technology Oversight Division, DIAP
  • Ray Letteer, Chief, Cyber Security Division, U.S. Marine Corps
  • Christopher Page, Command Information Officer, Office of Naval Intelligence, U.S. Navy
  • Vice Admiral Kevin Green, U.S. Navy (ret.)

Three other presentations are scheduled during the event: “Standards of Practice for IT Modernization and Software Assurance” which will focus on standards and best practices for combating cyber risk, “Defending Against Exploitable Weaknesses When Acquiring Software-Intensive Systems” and “Integration of Security and Agile/DevOps Processes.” To view the complete Cyber Resilience Summit agenda and register, please visit http://it-cisq.org/cyber-resilience-summit-2016/.

 

This event is supported by the Object Management Group®, Interoperability Clearinghouse, and the IT Acquisition Advisory Council.

 

About CISQ

The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing computable metrics standards for measuring software quality and size. Founded by the Object Management Group (OMG®) and the Software Engineering Institute (SEI) at Carnegie Mellon University, CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. CISQ is sponsored by Booz Allen Hamilton, CAST, Cognizant, Huawei and Synopsys. For more information, visit www.it-cisq.org.

 

Contact

Ann McDonough
mcdonough@omg.org
+1 781-444-0404

 

###

Note to editors: For a listing of all OMG trademarks, visit http://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.

CISQ Webcast: Reducing Software Vulnerabilities – The “Vital Few” Process and Product Metrics

Title: Reducing Software Vulnerabilities – The “Vital Few” Process and Product Metrics
Speakers: Dr. Bill Curtis, Executive Director, CISQ; Girish Seshagiri, EVP/CTO, ISHPI
Date: Wednesday, October 26, 2016
Time: 2:00pm – 3:00pm ET

 

Presentation now available to view on CISQ’s YouTube Channel

 

In this webinar, we will demonstrate the combined impact of high maturity processes and disciplined agile teams on secure software development. We will share real world data – nearly zero security incidents attributable to poor quality software.

 

Defective software is insecure. This presentation will demonstrate how disciplined agile teams consistently deliver substantially defect-free software on predictable cost and schedule by making quality the number one goal of every project. The teams build security in throughout the life cycle and do not rely on testing alone for defect removal. Customer benefits include a dramatically reduced number of security incidents attributable to poor quality software code and reduced operations and maintenance costs. While time to market is important, managers must also empower developers with the skills, training and certification needed to deliver products with fewer vulnerabilities the first time around. We will share real world cost, schedule and quality data to illustrate these points.

 

Takeaways from the webinar:

  • The impact of common violations of good coding practices on security and maintainability
  • How to ensure that software code has zero Top 25 most dangerous security violations early in the lifecycle
  • “Excellent” code can reduce maintenance cost to as little as 3 to 5 percent of development cost
  • The cause of suboptimal results such as a “deliver now, fix later” culture, unacceptable increases in technical debt and total ownership cost in many “agile” projects
  • How a high maturity optimizing process provides the “vital few” process and product metrics that help agile teams reduce software vulnerabilities
  • How to build and maintain agile software development teams and achieve results better than the best in class

 
AFCEA Washington, DC Cybersecurity Summit

Striking the Balance Between Proactive and Reactive Cyber

 

With cyber threats occurring daily and becoming more intrusive, it’s critical for government and industry leaders to stay current on security innovations, connections and resources to help defend their enterprises.

 

Join your peers and colleagues at AFCEA Washington, DC’s Cybersecurity Summit and take a deeper dive into tackling evolving threats, emerging security procedures, and how the latest cyber education standards will affect your workforce. Government employees and military receive complimentary admission.

 

Visit the event website for more information on:

 

Register for Cybersecurity Summit and build a solid foundation of skills and knowledge that qualify for CompTIA and/or GIAC CE units. Spend the day networking with more than 700 like-minded professionals – 40% are government employees or military.

 

Day 1: October 11, 2016
Time: 8:00 AM – 4:30 PM
Location: Grand Hyatt Washington
1000 H Street, NW
Washington, DC 20001
Unclassified Day

 

Day 2: October 12, 2016
Time: 8:00 AM – 2:00 PM
Location: General Dynamics Information Technology
6400 Grovedale Drive
Alexandria, VA 22301
SCI Clearance Required

 

Questions? Contact the Chapter Registrar at registrar@dc.afceachapters.org.

 

Click here to register