
Cyber Resilience Summit: The Crossroads of IT Modernization and Cybersecurity

October 16, 2018

 

TOPIC: Reducing Modernization Risk through Compliance to Software and Risk Management Standards

 

HOSTED BY: Consortium for IT Software Quality™ (CISQ™) in cooperation with the Object Management Group® (OMG®) and IT Acquisition Advisory Council (IT-AAC)

 

IT MODERNIZATION BEST PRACTICES REPOSITORY: http://it-cisq.org/wiki/it-modernization-best-practices-repository/

 

The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions expose proven methods and tools for incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes.

 

Our message to attendees: This is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.

 

REGISTRATION IS NOW CLOSED! THANK YOU TO EVERYONE ATTENDING!

 

To access presentations, visit https://it-cisq.org/wiki/it-modernization-best-practices-repository/ or visit the CISQ Members Area under “Event and Seminar Presentations”.

 

Don’t forget to sign CISQ’s Trustworthy Systems Manifesto!

 

 

AGENDA

 

8:00 Welcome to the Cyber Resilience Summit

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)

John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

8:15 Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT

Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)

 

Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda.

 

Titans of Cyber speakers:

  • Mark Hakun, Deputy Chief Information Officer, National Security Agency
  • Scott Tousley, Deputy Director, Cyber Security Division, U.S. Department of Homeland Security Science and Technology Directorate
  • Susan Dorr, Intelligence Community, Chief Information Security Officer (IC CISO) and Director, Intelligence Community, Chief Information Officer, Cybersecurity Division (IC CIO CSD)
  • Mark Kneidinger, Deputy Director, National Risk Management Center, U.S. Department of Homeland Security

9:30 Trustworthy Systems Manifesto from CISQ

Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)

 

As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs.

 

CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations.

 

10:15 Break & Networking

10:30 Supply Chain Risk Management (SCRM) Gets Legislative Attention

Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Board Member, Consortium for IT Software Quality (CISQ)

 

Software supply chain assurance is finally en vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM.

 

Speakers:

  • William Stephens, Director of Counterintelligence, Defense Security Service
  • Don Davidson, Deputy Director, Cybersecurity Risk Management (+ Chief of SCRM Division), Office of the Deputy DoD-CIO for Cybersecurity
  • Shon Lyublanovits, Senior Advisor for Cybersecurity, GSA
  • Dr. Allan Friedman, Director, Cybersecurity Initiatives, National Telecommunications and Information Administration, U.S. Department of Commerce

11:30 Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4

Betsy Kulick, CDM Program Deputy Director, U.S. Department of Homeland Security

 

One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This session will discuss the CDM roadmap and phase 4 of the program which targets protection of data and the application stack.

 

12:15 Lunch & Networking

1:15 Regulators Roundtable: Best Practices in Cyber Policy for Industry

Lead: Dr. Bill Curtis, Executive Director, Consortium for IT Software Quality (CISQ)

 

This cross-agency panel will discuss how cyber risk is measured and how cyber policy is set and implemented in the industries they regulate. What can agencies learn from each other in addressing the challenges of regulating industries? How do agencies strike the right balance in protecting citizens without stifling the pace of industry and innovation? What can industry learn from the government’s cyber practices?

 

Speakers:

  • Chris Hetner, Senior Cybersecurity Advisor to the Chairman, U.S. Securities and Exchange Commission
  • Bethany Dugan, Deputy Comptroller for Operational Risk, Office of the Comptroller of the Currency
  • Dr. Seth Carmody, Cybersecurity Program Manager, U.S. Food and Drug Administration (FDA Cybersecurity Resource)
  • Donald Saxinger, Chief, IT Supervision, Division of Risk Management Supervision, FDIC

2:15 Innovative Methods for Producing Cybersecure Software

Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for IT Software Quality (CISQ)

 

The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education.

 

Speakers:

  • Paul Seay, Northrop Grumman Fellow, Engineering Center of Excellence, NGMS Engineering, Sciences, and Technology, Northrop Grumman Corporation
  • Bill Newhouse, Deputy Director, National Initiative for Cybersecurity Education (NICE); Security Engineer, National Cybersecurity Center of Excellence (NCCoE), NIST
  • Robert Martin, Senior Principal Engineer, MITRE

3:15 Closing Remarks

 

VENUE

 

Army Navy Country Club

Grand Ballroom, 2nd floor

1700 Army Navy Drive, Arlington, VA

website: https://www.ancc.org/ phone: 703-521-6800

 

 

 

 

