Cyber Resilience Summit – Knowledge Repository

This Knowledge Repository wiki was created for the Cyber Resilience Summit series. Here you will find meeting notes, presentations, policy updates, press coverage and more.

 

The Cyber Resilience Summit Knowledge Repository is managed by

  

 

 

MEETING NOTES

Download meeting notes from the March 20, 2018 Cyber Resilience Summit

 

Download meeting notes from the October 19, 2017 Cyber Resilience Summit

 

PRESENTATIONS

Standards for Managing Cybersecurity, Risk and Technical Debt
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
Cyber Resilience Summit, March 20, 2018

 

Using Software Quality Standards with Outsourced IT Vendors – a Fortune 100 Case Study
Marc Cohen, Vendor Management practitioner at Fortune 100 institution
Cyber Resilience Summit, March 20, 2018

 

Security Risk Management
Adam Isles, Principal, Chertoff Group
Cyber Resilience Summit, March 20, 2018

 

Bugcrowd – The Pentagon Opened Up to Hackers and Fixed Thousands of Bugs
Michael Chung, Head of Government Solutions, Bugcrowd
Cyber Resilience Summit, March 20, 2018

 

Risk Management Standards in Practice
Robert Martin, Senior Principal Engineer, MITRE
Cyber Resilience Summit, March 20, 2018

 

Getting IT Quality Standards into Practice – Confessions of a Texas IT Champion
Herb Krasner, University of Texas at Austin (ret.), Texas IT Champion
Cyber Resilience Summit, March 20, 2018

 

UL 2900 Security Standards
Jeff Barksdale, Principal Security Advisor, Underwriters Laboratories (UL)
Cyber Resilience Summit, March 20, 2018

 

Technical Debt Findings and a Standard
Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)
Cyber Resilience Summit, October 19, 2017

 

Roadmap for IT Modernization and Cyber Resilience
John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)
Cyber Resilience Summit, October 19, 2017

 

Vision for Improving Performance in Texas State IT Projects: Measuring Quality and Cybersecurity
Herb Krasner, University of Texas at Austin (ret.), Texas IT Champion
Cyber Resilience Summit, October 19, 2017

 

Supply Chain Risk Management (SCRM) for Continuous Diagnostics and Mitigation (CDM) Products

Emile Monette, Senior Cybersecurity Strategist and Acquisition Advisor, DHS OCISO

Cyber Resilience Summit, October 19, 2017

 

 

PRESS COVERAGE

Resources-strapped agencies are leaving networks vulnerable to cyberattack
Jessie Bur, Federal Times, March 21, 2018

 

Tony Scott calls IT workforce drain a “creeping” crisis bigger than Y2K
Carten Cordel, fedscoop, October 20, 2017

 

Report: DHS Tests Cyber Tech Acquisition Management Model
Nichols Martin, ExecutiveGov, October 20, 2017

 

DHS piloting agile cyber acquisition, CDM for cloud, CISO says
Carten Cordel, fedscoop, October 19, 2017

 

DHS to Stand Up CDM Cloud Services for Small Agencies
Morgan Lynch, Meritalk, October 19, 2017

 

Learn to Deal With Cyber Risk
Morgan Lynch, Meritalk, October 19, 2017

 

 

POLICY

 

The President’s Management Agenda was released on March 20, 2018 and focuses on three drivers: IT modernization, modern workforce, data transparency and accountability. “A key part of the President’s Management Agenda is establishing cross-agency priority goals, or what we call CAP goals, to complement the broad vision and get into execution and on the ground tactics,” says Office of Management and Budget Deputy Director for Management Margaret Weichert. “Each CAP goal will be led by an interagency team of senior federal leaders.” Read more on Federal Times.

 

OMB’s user guide to the MGT Act – February 6, 2018 on FCW

The Office of Management and Budget is working on a rules-of-the-road document to cover how agencies can seek funds under the Modernizing Government Technology Act. In a 19-page draft memorandum to agency heads obtained by FCW, OMB lays out what information agencies should include in their project proposals to receive money from the centralized modernization fund, housed by the General Services Administration, as well as how to navigate using their IT working capital funds.

 

Gen. Burke “Ed” Wilson was promoted to OSD Policy on Cyber. Read the announcement published January 29, 2018 on www.defense.gov.

 

Suzette Kent, principal at Ernst & Young, is appointed new Federal CIO by President Donald Trump. Read Trump picks federal CIO (FCW) on January 26, 2018.

 

Final White House IT Modernization Plan delivered to President Trump in December 2017 outlining plans to accelerate the modernization of legacy systems. See https://itmodernization.cio.gov/.

 

IT-AAC Federal IT Modernization Report signed September 20, 2017 was submitted to White House American Technology Council (ATC) in response to Executive Order 13,800.

 

IT-AAC Recommendations for Embracing Commercial Cloud in DoD signed November 17, 2017 submitted to DoD Cloud Executive Steering Group.

 

 

CYBER RESILIENCE STANDARDS

Consortium for IT Software Quality (CISQ) www.it-cisq.org/standards

Also see related standards and guidelines including NIST, ISO, CMM, etc.

 

 

WEBINARS

New Automated Technical Debt Standard 

The CISQ measure of Automated Technical Debt has just been approved by the OMG® as a standard for measuring the future cost of defects remaining in system source code at release. Technical Debt hinders innovation and puts businesses at unacceptable levels of risk, including high IT maintenance costs, outages, breaches, and lost business opportunities. Dr. Bill Curtis, CISQ Executive Director, delivers an overview of the specification.

 

Using Software Quality Standards with Outsourced IT Vendor Engagements – a Fortune 100 Case Study

Marc Cohen led IT vendor management at American Express and discusses how to use software quality standards from CISQ in outsourcing engagements. He explains how to derive better software, better development resources, and better vendor relationships by leveraging software quality standards.

 

Using Software Quality Standards at Scale in Agile and DevOps Environments

Over the past two years Fannie Mae IT has transformed from a waterfall organization to a lean culture enabled by Agile and DevOps. Barry Snyder, DevOps Product Manager at Fannie Mae, discusses how to use software measurement standards from CISQ to demonstrate significant improvements in code quality and development productivity. Executive management monitors the organization’s Agile-DevOps transformation by reviewing quality, productivity, and delivery-to-speed.

 

 

IT ACQUISITION ADVISORY COUNCIL (IT-AAC) DOCUMENTS

 

 

ADDITIONAL RESOURCES

 

A Useful Point of Reference for Critical Infrastructure Resilience
Don O’Neill, Independent Consultant

 

Presentations from OMG® Modernization Summit, March 21, 2018 in Reston, VA

 

 

 

 

PHOTOS

View more photos from the Cyber Resilience Summit here
