Topic spotlights how to measure the cybersecurity risk of software-intensive systems
Baltimore, MD – November 2, 2018 – Marc Jones, Director of Public Sector Outreach at the Consortium for IT Software Quality™ (CISQ™), will present “Measuring the Cybersecurity Risk of Software-Intensive Systems” on November 8 at 2:45 p.m. at the 2018 NIST Cybersecurity Risk Management Conference, which will be held November 7-9, 2018, at the Renaissance Baltimore Harborplace hotel in Baltimore, Maryland. This presentation will describe how standards developed by CISQ for measuring software structural quality can be applied as part of the NIST Cybersecurity Framework.
CISQ is an industry consortium chartered with developing international standards for automating the measurement of size and structural quality from source code. The Automated Quality Characteristic Measure standards for Reliability, Security, Performance Efficiency, and Maintainability are based on quantifying violations of good architectural and coding practice in the source code of software systems. When calibrated against operational performance, the standards assess several areas of cybersecurity risk to which a software system exposes the enterprise. The measures comply with software product quality definitions in ISO/IEC 25010 and supplement the behavioral measures in ISO/IEC 25023 by measuring software quality attributes at the source code level.
Marc Jones will also share the CISQ Trustworthy Systems Manifesto, just launched at the October 16 Cyber Resilience Summit in Arlington, Virginia.
The Manifesto lists five principles that senior IT executives can apply to govern system development and deployment in order to mitigate risks to an organization’s business or mission. The principles provide guidance to senior management to create an optimal environment for developing and operating trustworthy systems that are secure from unauthorized users and actions, reliable and safe in performance, resilient to unexpected conditions, and accurate in computations. After reading the Manifesto, executives are encouraged to become signatories, thereby demonstrating a willingness to create policies and practices to implement these principles within their organizations, and to encourage their adoption in other organizations. To become a signatory, visit https://www.omg.org/it-cisq/tsm/signatures.php.
Marc Jones volunteers his time to lead U.S. government outreach for CISQ. He is the Vice President of Public Sector at CISQ sponsor CAST, where he works with public institutions to advance software intelligence.
The Consortium for IT Software Quality™ (CISQ™) is an IT leadership group that develops international standards for automating the measurement of software size and structural quality from the source code. The standards written by CISQ enable IT and business leaders to measure the risk IT applications pose to the business, as well as estimate the cost of ownership. CISQ was co-founded by the Object Management Group® (OMG®) and Software Engineering Institute (SEI) at Carnegie Mellon University. For more information, visit https://www.it-cisq.org/.
Note to editors: CISQ is an Object Management Group program. Object Management Group and OMG are registered trademarks of the Object Management Group. For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.