On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.
The Summit covered topics from the layered cybersecurity defense approach taken by the NSA, to the impact of acquisition policy on the reliability and security of Federal software-intensive systems. I had the privilege of presenting alongside Emile Monette of the U.S. General Services Administration, John Weiler of IT-AAC, and Richard Spires, currently of Learning Tree International and recently CIO of the U.S. Department of Homeland Security.
Our panel was focused on IT Acquisition and driving down cyber risk. As we analyzed the current status quo, we made four key findings:
CAST is working closely with industry groups such as CISQ to implement best-in-class measurement standards that will aid both the private and public sector. The software measurement standards that pertain to software risk and resilience - those focused on the full application and transactions rather than only code quality - are of particular importance to industry.
Poor-quality code makes it harder to build onto systems over time, and it exposes software to more threats from hackers. Too often, security is not a key factor in the beginning stages of software development, which leaves an environment that is difficult to secure and protect.
At CAST, we have established five key measurement qualities: Robustness, Efficiency, Security, Changeability and Transferability. Customers around the globe are identifying and mitigating security flaws before they turn into risks, saving immeasurable time and resources. As we continue to work with our government customers on IT risk management, we look forward to seeing the taxpayer reap the benefits of quality software.
Erik Oltmans, an Associate Partner from EY, Netherlands, spoke at the Software Intelligence Forum on how the consulting behemoth uses Software Intelligence in its Transaction Advisory services.
Erik describes the changing landscape of M&A. Besides the financial and commercial aspects, PE firms now equally value technical assessments, especially for targets with significant software assets. He goes on to detail how CAST Highlight makes these assessments possible with limited access to the target's systems, customized quality metrics, and liability implications of open source components, all three of which are critical for M&A due diligence.