Software Risk Management: Risk Governance in the Digital Transformation

by

UntitledSoftware Risk Management in Digital Transformation was the focus during the 4th edition of the Information Technology Forum, hosted by International Institute of Research (IIR).  Massimo Crubellati, CAST Italy Country Manager, discussed how Digital Transformation processes are changing the ICT scenario and why software risk management and prevention is mandatory.

 

Massimo shared our recipe for Digital Governance evolution: including a specific ICT Risk chapter in the design of the governance structure of the digital transformation, whose most relevant aspect is to determine which methods and through which key performance indicators to measure the operational risk inherent in the application portfolio. Measurement needs to be continuous and structural, it must include the assessment of application assets inherent weaknesses, through the analysis of correlations between the layers composing them. Thus obtaining, not only an effective prevention of direct damage ensuring the service resilience, but a reduction in maintenance and application management costs.

The event was an interesting opportunity to reflect on the fact that the only road that KPIs can follow is that of standardization in accordance to the CISQ / OMG standard, establishing the standard for measures of operational risks: Reliability, Security and Performance Efficiency. These KPIs need to be measured automatically and unambiguously, independently from the architecture and application structure, thus leading to the effective prevention of incidents, nowadays potentially devastating for completely online business models.

Most of the financial institution attending the event, had been invited to reflect on the fact that, once the decision to convert all of its processes and service model through an agile approach, a phase of risk measurement between the release iterations of services shall be added to their application governance processes, thereby making them able to identify potential software risks even before these turn out to be in production, avoiding both direct damages incurring from emergency operations and the rework costs and ensuring the resilience of the service.

DOWNLOAD THE PRESENTATION

SEE THE VIDEOINTERVIEW

 

Suggested additional paper: GARTNER-CAST PAPER ON SOFTWARE RISK MANAGEMENT

Get the Pulse Newsletter  Sign up for the latest Software Intelligence news Subscribe Now <>
Open source is part of almost every software capability we use today. At the  very least libraries, frameworks or databases that get used in mission critical  IT systems. In some cases entire systems being build on top of open source  foundations. Since we have been benchmarking IT software for years, we thought  we would set our sights on some of the most commonly used open source software  (OSS) projects. Software Intelligence Report <> Papers
In our 29-criteria evaluation of the static application security testing (SAST)  market, we identified the 10 most significant vendors — CAST, CA Veracode,  Checkmarx, IBM, Micro Focus, Parasoft, Rogue Wave Software, SiteLock,  SonarSource, and Synopsys — and researched, analyzed, and scored them. This  report shows how each measures up and helps security professionals make the  right choice. Forrester Wave: Static Application Security Testing, Q4 2017  Analyst Paper
This study by CAST reveals potential reasons for poor software quality that  puts businesses at risk, including clashes with management and little  understanding of system architecture. What Motivates Today’s Top Performing  Developers Survey
Daniela Candito
Daniela Candito Marketing Manager - Cast Italia
Experienced Marketing Manager with a demonstrated history of working in the information technology and services industry. Skilled in Customer Service, Enterprise Software, Sales, Business Development, and Customer Relationship Management (CRM)
Load more reviews
Thank you for the review! Your review must be approved first
Rating
New code

You've already submitted a review for this item

|