Category: Risk & Security

Software today is more complex than it has ever been. New technologies emerge rapidly and as applications evolve to utilize them, gaps occur. Some gaps result in “technical debt”, an industry term to describe development practices where ideal craftsmanship has not been achieved and additional work needs to be done.
CI/CD DevOps: Enhancing Continuous Delivery with Software Intelligence
When you are a consumer credit company, victimized recently by a serious security breach where hackers exploited an application vulnerability to steal the personal information of roughly 143 million people, what do you do for an encore? For Equifax, the encore may be “get hacked a second time.”
An Encore for Equifax?
Insurance companies still spend a lot of money maintaining the infrastructure for their core legacy apps, but migrating some of these apps to a cloud platform could provide significant cost savings.
The State of Cloud Adoption in Insurance – Look Out for Migration Bumps Ahead!
The biggest lesson learned from the Equifax breach is that executives and application owners need a software risk scorecard that clearly outlines KPIs around software structural quality and security.
Lessons from Equifax: Get a Software Risk Scorecard
Open source is the lifeblood of modern software development, but it's not without risks, especially when it comes to application security.
A Good Look at Open Source Frameworks: Avoiding Another Equifax
Knowing the difference between true positives and false positives for Application Security Testing.
Reduce False Positives in Application Security Testing
On June 9th, CAST hosted the event, How to Control Software Risk and Cost in Digital Transformation, in Madrid with CISQ and Dr. Richard Soley, CEO and Chairman of the Object Management Group.
How to Manage Software Risk and Cost in Digital Transformation
Everyone wants to do DevOps like Netflix, but is it really right for your organization?
Netflix Envy
The recent spate of IT glitches and ‘power outages’ at British Airways which caused the UK’s national carrier to cancel all its flights worldwide at the start of May bank holiday along with the WannaCry ransomware attack which ground the National Health Service to a halt have exposed again the importance of IT systems in today’s business. The complexity of these IT systems, the number of vulnerabilities that exist in critical software used by critical infrastructure sectors such as the NHS, airlines, telecom operators has made headlines once more.
Need for Holistic IT Systems’ Risk Assessment
Harvard Business Review has reported that digital leaders succeed in large part due to their ability to recognize and scale innovation across their business – seeing beyond transformation hurdles and IT complexity. They never lose sight of the end goal.
Recap: Software Risk & Innovation Summit 2017
How to choose the right security solution for your AppSec Strategy.
SAST, DAST and IAST - What's the Difference?
At the upcoming Software Risk and Innovation Summit, CIOs address challenges around DevOps and the next big tech innovation trends.
CISQ Is Helping CIOs Master Digital Transformation
The key to security is to ensure that your most sensitive data is handled with proper controls in place. This should include working with your architects to explore the architecture of applications that handle the most critical data, starting from the data elements themselves and fanning out via impact diagrams (for example, CAST does this with the Application Intelligence Platform). Over time, your team will be able to establish secure architecture components that should handle all sensitive data.
Following Best Practices to Achieve Application Security & Reduce Risk

Insurance organizations have reached a tipping point. Historic institutions, with in some cases hundreds of years of service, they are being forced to transform due to changing consumer demands and nimble, technology-centric startups bringing innovative products to market. No stranger to regulatory and privacy concerns, Insurance carriers have overcome many roadblocks throughout their lifetime of doing business. Now they must tackle their legacy IT systems and improve software risk management to deliver the value today’s market is after.

The Insurance Industry Challenge: Improve Software Risk Management
Companies are waking up to the fact that the digital transformation journey is not a leisurely stroll. It’s more of a marathon sprint. Between externalization of processes and the Internet of Things (IoT) the need to increase “velocity” is becoming a key attribute of success.
DevOps, Digital Transformation and IoT, ‘Oh My’!

Today, CAST is meeting hundreds of Enterprise Architect aficionados, gurus, practitioners and professionals in National Harbor at the Gartner EA Summit. When glancing at the agenda, it is evident that EA has become omnipresent and is interacting either directly or indirectly with 100% of hot IT challenges such as Digital Transformation, Cloud Readiness, Internet of Things, Cyber Security and Innovation - the topics that are keeping many executives up at night.

The intent of this post is to share “one” view of the EA journey and provide some personal insight into software risk management and what I think will be the upcoming challenges in our favorite discipline.

EA Insights – The Fact-Based Measurement Effect

6On March 15, CISQ hosted the Cyber Resilience Summit in Washington, D.C., bringing together nearly 200 IT innovators, standards experts, U.S. Federal Government leaders and attendees from private industry. The CISQ quality measures have been instrumental in guiding software development and IT organization leaders concerned with the overall security, IT risk management and performance of their technology. It was invigorating to be amongst like-minded professionals who see the value in standardizing performance measurement.

CISQ & IT Risk Management: Minimizing Risk in Government IT Acquisition

UntitledSoftware Risk Management in Digital Transformation was the focus during the 4th edition of the Information Technology Forum, hosted by International Institute of Research (IIR).  Massimo Crubellati, CAST Italy Country Manager, discussed how Digital Transformation processes are changing the ICT scenario and why software risk management and prevention is mandatory.

 

Massimo shared our recipe for Digital Governance evolution: including a specific ICT Risk chapter in the design of the governance structure of the digital transformation, whose most relevant aspect is to determine which methods and through which key performance indicators to measure the operational risk inherent in the application portfolio. Measurement needs to be continuous and structural, it must include the assessment of application assets inherent weaknesses, through the analysis of correlations between the layers composing them. Thus obtaining, not only an effective prevention of direct damage ensuring the service resilience, but a reduction in maintenance and application management costs.

Software Risk Management: Risk Governance in the Digital Transformation