What is Cyber Resilience?
Cyber Resilience is the ability of an organization to resist, respond to and recover from attacks that will impact the information it requires to do business.
Who developed the current material? What are their cyber security credentials?
The best practice guide was authored by:
Stuart Rance, a consultant, trainer and author, and owner of Optimal Service Management Ltd.
Mike St John-Green, an independent consultant in cyber security, currently working with a range of clients, primarily in the City of London and Europe.
Moyn Uddin, an independent information and cyber risk practitioner with nearly 30 years in IT, networking, IT security, information security, governance risk and compliance.
It was also reviewed by a range of experts including:
Nathan Cooper, Capita; Ian Davies, deputy chairman of BMT Group and senior independent director at the Institute of Chartered Accountants in England and Wales (ICAEW) and Harvey Nash; Alan Field, Highdown Management Services Ltd; Darren Hampton, iSolutions, University of Southampton; Noel Hannan, Capita; Alexander Hernandez, KPMG; George Judd and the team at CASK LLC; and Gary Warzala.
Who is RESILIA aimed at?
RESILIA offers practical guidance, training and learning for the entire organization, including the boardroom, IT, risk and business professionals, so that they better understand the risks and benefits of effective Cyber Resilience.
The foundation and practitioner certification is aimed at:
IT and Security functions: all professionals within IT Service Management, Information Security, Business Analysis, IT Project Management, IT Development, IT and Security Architecture and leadership roles (CTO (Chief Technology Officer), CISO (Chief Information and Security Officer), Head of IT)
The Risk function: all Risk Management professionals from CRO (Chief Risk Officer), Head of Risk, Risk Manager, Heads of Compliance and Business Continuity to risk and Business Analyst roles
All core business functions, HR, Finance, Procurement, Operations and Marketing, will benefit from having cyber resilience expertise within the team, often including a local champion or mentor for all staff to refer to. RESILIA certifications are designed for all staff from leadership roles (HR Director, CFO, Operations Director) to management and operational teams.
The awareness learning provides content that can be delivered across the organization, throughout the year, to help embed cyber resilient behaviours across the entire workforce.
The leader engagement focuses on delivering specialized training and learning for the leaders within an organization so that they understand the role they have to play in developing effective cyber resilient strategies and behaviours.
How will AXELOS RESILIA fit with existing frameworks? (e.g. NIST, ISF, ISO 27001)
Many existing frameworks outline a set of controls that an organization should put in place, often for the benefit of proving external assurance. RESILIA has been designed to complement these existing standards and frameworks by providing guidance on how these controls can be selected, deployed and managed in a way that is appropriate for the specific organization. It enables the wider IT team, and risk and business professionals, to understand why and how they can contribute to both good cyber resilience and existing standards the organization is using.
How does RESILIA align itself with ITIL?
RESILIA best practice uses a lifecycle approach to aid effective deployment and management of Cyber Resilience in an organization. The lifecycles are complementary to ITIL as they follow the same Strategy, Design, Transition, Operation and Continuous Improvement structure. The best practice covers what activities, controls and management processes should be in each lifecycle. Organizations already using ITIL for service management will find that Cyber Resilience can easily be integrated into these existing management systems, with Cyber Resilience controls and management becoming an extension of existing business-as-usual processes.