from March 15 Cyber
Thank you for attending!
Last week CISQ hosted the Cyber Resilience Summit, our 4th annual event in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders, and attendees from private industry. The CISQ quality measures became official standards last fall, so this was our largest outreach event to date.
The Summit covered topics from the layered cybersecurity defense approach taken by the NSA, to the impact of acquisition policy on the reliability and security of Federal software-intensive systems.
As Dr. Phyllis Schneck (Deputy Under Secretary for Cybersecurity and Communications for the National Protection and Programs Directorate, U.S. Department of Homeland Security) explained on the "Titans of Cyber" panel pictured below, the safest position is to assume your systems have already been penetrated and you must decide how to defend against the intruder.
Titans of Cyber: Dr. J. Michael Gilmore, DoD OT&E; Dr. Phyllis Schneck, DHS NPPD; John Weiler, IT-AAC; Lucia Savage, ONC HHS; Dr. Paul Nielsen, SEI, Carnegie Mellon University
L-R: Tom Hurt, DoD; Dr. Paul Nielsen, SEI, Carnegie Mellon University; Dr. Bill Curtis, CISQ; Don Davidson, DoD
Key themes coming out of the event:
Software must move from a "craft" to an engineering discipline
The current level of risk in Federal IT is unacceptable and processes must change
Poor quality software is inherently less secure and resilient
You can’t secure software with risky architecture – both vulnerabilities must be addressed together
For their time and insights, I thank the Summit presenters: Curtis Dukes (NSA), Dr. Phyllis Schneck (DHS), Dr. J. Michael Gilmore (DoD OT&E), Lucia Savage (HHS), Dr. Paul Nielsen (SEI, Carnegie Mellon U.), Dr. David Zubrow (SEI, Carnegie Mellon U.), Dr. Vadim Okun (NIST), Kris Britton (NSA), Dr. Robert Childs (AFCEA), John Weiler (IT-AAC), Emile Monette (GSA), Lev Lesokhin (CAST), Richard Spires (Learning Tree), Joe Jarzombek (Synopsys), Don Davidson (DoD), and Jon Boyens
The presentations have been posted to the CISQ
Dr. Bill Curtis
Automated Enhancement Points: CISQ submitted a proposed specification for Automated Enhancement Points to the Object Management Group® (OMG®). Automated Enhancement Points is a measure of software size to be used in productivity analysis and sizing of software maintenance activities. The spec is being voted on by OMG members. We anticipate the spec will become a standard in 2016.
Technical Debt: CISQ is currently working on a specification for structural quality Technical Debt. Technical Debt is a measure of software cost due to defects remaining in code at release. Technical Debt is a primary component of the cost of ownership of an application. The Software Engineering Institute (SEI) at Carnegie Mellon University has been a leader in developing a framework for Technical Debt and is engaged in the project. In addition to an automated measure, the team will provide a general framework for describing and analyzing Technical Debt. CISQ will be participating in the Dagstuhl Seminar, "Managing Technical Debt in Software Engineering," in April to be held at Schloss Dagstuhl in Germany to build consensus on the Technical Debt framework and how it should be measured.
Invited to "Reducing IT Outages in UK Banks" in April
Event: Reducing IT Outages in
Date: April 27, 2016
15:00 – 17:00 Presentations & Panel
17:00 – 18:00 Networking & Drinks
Location: techUK building at 10 St Bride Street, London EC4A 4AD
Over the last few years the UK banks have suffered an increasing number of major IT outages causing customer dissatisfaction, brand damage, and, in some cases, fines from the regulators.
It is more critical than ever for UK banks to measure the risk, robustness and security of core applications to mitigate these IT risks.
STAREAST, May 1-6, 2016 in Orlando, FL
CISQ is a partner sponsor. Save $200 with the code SECM!
2016, May 2-5, 2016 in San
CISQ is a partner sponsor.
ISMA12, May 3-5, 2016 in Rome, Italy.
CISQ is speaking.
Gartner Enterprise Architecture Summit, May 11-12, 2016 in National
CISQ is a partner sponsor. Save $325 with the code GARTCISQ!
Agile Dev, Better Software, DevOps West, June 5-10, 2016 in Las Vegas, NV.
CISQ is a partner sponsor. Save $200 with the code CWCM!
Thank You CISQ