The Crossroads of IT Modernization and Cybersecurity
Hosted by: Consortium for Information & Software Quality™ (CISQ™) in cooperation with the Object Management Group (OMG) and IT Acquisition Advisory Council (IT-AAC)
DATE: October 16, 2018
TIME: 8:00am – 3:30pm
TOPIC: Reducing Modernization Risk through Compliance to Software and Risk Management Standards
PLACE: Army Navy Country Club, 1700 Army Navy Drive, Arlington, VA
WEB SITE: https://www.ancc.org/
PHONE: +1 703-521-6800
The 6th semiannual Cyber Resilience Summit: The Crossroads of Modernization and Cybersecurity returns to Arlington, VA in October. The program focuses on standards and best practices for measuring risk and quality in IT-intensive programs from the standpoint of productivity, software assurance, overall quality and system/mission risk. Discussions expose proven methods and tools for incorporating such standard quality metrics into the IT software development, sustainment and acquisition processes. Given the government's commitment to IT modernization and cybersecurity, this is a unique opportunity to get this right for the next twenty years. You are deploying the “legacy systems of tomorrow” and need sustainable outcomes.
REGISTRATION IS NOW CLOSED! THANK YOU TO EVERYONE ATTENDING!
To access presentations, visit https://it-cisq.org/wiki/it-modernization-best-practices-repository/. You're also encouraged to sign CISQ’s Trustworthy Systems Manifesto!
AGENDA
Time | Session |
---|---|
8:00 | Welcome to the Cyber Resilience Summit<br>Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ) |
8:15 | Titans of Cyber: Critical Success Factors for Modernizing and Securing Government IT<br>Lead: John Weiler, Vice Chair, IT Acquisition Advisory Council (IT-AAC)<br>Federal IT leaders brief on priorities, policy and plans for modernizing and securing government IT, building momentum from the “forcing functions” of the Federal IT Acquisition Reform Act (FITARA), Executive Order 13800 for Cybersecurity, Modernizing Government Technology (MGT) Act, and the President’s Management Agenda. Titans of Cyber speakers: |
9:30 | Trustworthy Systems Manifesto from CISQ<br>Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)<br>As businesses and governments automate more of their business and mission processes, the risk to which Information Technology (IT) exposes the organization grows dramatically. In an era of 9-digit defects (IT incidents with damages over $100,000,000), senior executives outside IT are held accountable and some have lost their jobs. CISQ will brief on cyber risk measurement standards and then introduce a Trustworthy Systems Manifesto. The Manifesto contains a set of principles that senior business and public executives should hold IT accountable for implementing to ensure the systems to which they have entrusted the business or mission are trustworthy. A trustworthy system is one that is secure from unauthorized users and actions, reliable in its performance, resilient to unexpected conditions, and accurate in its computations. |
10:15 | Break & Networking |
10:30 | Supply Chain Risk Management (SCRM) Gets Legislative Attention<br>Lead: Joe Jarzombek, Director for Government, Defense and Aerospace Programs, Synopsys and Governing Board Member, Consortium for Information & Software Quality (CISQ)<br>Software supply chain assurance is finally en vogue. The Pentagon is evaluating how to insert security metrics into the acquisition process to measure cyber risk on the same scale as cost, schedule, and performance. The phrase “shift left” from software development circles applies here, referring to the practice of mitigating risk earlier in the system lifecycle to avoid costly, compounded technical debt and unacceptable levels of risk from vulnerabilities and compromise. This panel will discuss the latest developments, best practices, and standards of practice for SCRM. Speakers: |
11:30 | Continuous Diagnostics and Mitigation (CDM) Moves to Phase 4<br>Betsy Kulick, CDM Program Deputy Director, U.S. Department of Homeland Security<br>One of the biggest cybersecurity programs in the U.S. Federal Government is Continuous Diagnostics and Mitigation (CDM) at the Department of Homeland Security. This session will discuss the CDM roadmap and phase 4 of the program which targets protection of data and the application stack. |
12:15 | Lunch and networking |
1:15 | Regulators Roundtable: Best Practices in Cyber Policy for Industry<br>Lead: Dr. Bill Curtis, Executive Director, Consortium for Information & Software Quality (CISQ)<br>This cross-agency panel will discuss how cyber risk is measured and how cyber policy is set and implemented in the industries they regulate. What can agencies learn from each other in addressing the challenges of regulating industries? How do agencies strike the right balance in protecting citizens without stifling the pace of industry and innovation? What can industry learn from the government’s cyber practices? Speakers: |
2:15 | Innovative Methods for Producing Cybersecure Software<br>Lead: Girish Seshagiri, EVP and CTO, ISHPI Information Technologies and Board Member, Consortium for Information & Software Quality (CISQ)<br>The IT standards community is driving initiatives to automate cyber risk measurement and cyber threat modeling. In tandem, workforce development is critical to meeting the government’s cyber challenges and our nation’s IT skills gap. This panel of subject matter experts will brief the audience on methods for producing cybersecure, resilient and sustainable software systems through practice and education. Speakers: |
3:15 | Closing Remarks |