KEEPING THE VALUE OF YOUR ORGANIZATION, WITHIN YOUR ORGANIZATION AXELOS.COM.

Post on 11-Jan-2016


KEEPING THE VALUE OF YOUR ORGANIZATION, WITHIN YOUR ORGANIZATION

AXELOS.COM

AGENDA

Information, value and cyber resilience

Introducing RESILIA

How RESILIA builds resilience

The benefits

The portfolio

The future

INFORMATION AND VALUE

• Your precious information

– Customer/client data

– Operational data

– Market data

– Operational documents and insight

– Confidential data and IP

• Enabled by IT systems (which can be hacked or compromised) – and now critical to success

BEYOND IT

THE HUMAN FACTOR

• Organizational value resides in data plus people – (information + intelligence = knowledge and ability)

• The “system” is technology plus people

• People/behaviours cause most vulnerabilities

• Narrow focus on IT won’t align strategy, operations and people

• Need to look beyond IT security – to cyber resilience

WILL YOUR INFORMATION BE COMPROMISED?

• The risks are high.

– 73% of large organizations suffered from infection by viruses or malicious software in the past year (BIS, 2014 Information Security Breaches Survey)

– 37.3 million users experienced phishing attacks in 2013 (Kaspersky Lab)

– 95% of security incidents involve human (IBM 2014 Cyber Security Intelligence Index report)

– 50% of users open emails and click on phishing links within the first hour (Verizon 2015 Data Breach Investigations Report)

INTRODUCING CYBER RESILIENCE

• Cyber resilience is about keeping data safe, but critically…

• It’s about keeping the value tied to that data safe

• It’s about how you minimise damage and come through attack or security failure

• It’s about how you prevent, detect, respond and recover

BARRIERS TO CYBER RESILIENCE?

• Lack of awareness (board level down)

• Silo thinking (“it’s an IT problem”)

• Narrow focus on regulatory compliance, not risk

• Confusion about what “good” looks like

• Cyber resilience demands a “whole system” view (technology and people)

– Cyber resilience has to be part of your organisational culture…

– This is why you need RESILIA

RISKS TO VALUE

• Loss of corporate reputation and customer trust

• Financial loss and reduced productivity

• Regulatory fines

• Reduced competitive advantage through IP theft

• (Damaged personal reputations)

WHAT IS RESILIA?

RESILIA is a portfolio of training, learning and certification aimed at building cyber resilience across the organization, from the boardroom down. Underpinned by Cyber Resilience Best Practices, it comprises:

• Foundation and Practitioner Certifications

• Organization wide awareness learning

• Cyber Pathway Tool

• Leadership engagement

• Professional Development Programme.

WHAT WILL YOU GAIN (AND KEEP)?

• clarity and confidence throughout your organization as it responds to a cyber attack

• best practice disciplines – encompassing people, process and technology, whatever your organization’s size

• enhanced management strategies

• aligned IT operations, security and incident management

• secured value

WHAT WILL YOU GAIN (AND KEEP)?

• The right ingredients for effective cyber resilience

– Common language across IT and non-IT teams

– Enhanced collaboration

– Enhanced control, reporting and good governance

• A framework to exploit ITIL best practice investments

• Higher levels of certified staff

Best Practice Guide: Core practical guidance for strategy, implementation and management: “what good looks like”

Individual Awareness Learning & Know-how: All staff across an organisation

IT teams and data owners/managers

Membership & CPD: IT teams and data owners/managers

Leader Engagement: Leadership team across an organisation

Management Pathway Tool

Foundation & Practitioner Training

RESILIA: THE PORTFOLIO

Who is it for?

The Foundation and Practitioner certification is aimed at:

– IT and security functions

– Risk and compliance functions

– Core business functions including HR, Finance, Procurement, Operations and Marketing.

The awareness learning is for the entire organization.

The leadership engagement delivers specialised training and learning for the leaders within an organization.

RESILIA: BEST PRACTICE

• The management processes you need to embed across the organization (large or small)

• An organization-wide management system involving people, process and technology

• Practical, pragmatic guidance aligned with common approaches and standards

• Structure follows the proven ITIL lifecycle used by thousands of organizations across the world

RESILIA: CERTIFIED TRAINING

• Foundation and Practitioner courses for global certified training

• Link cyber resilience to business strategy

• Enable effective resilience based on best practice and repeatable processes

• Create individual expertise in

– risk and vulnerability assessment

– the selection of appropriate controls, including their structured implementation and management

RESILIA: CERTIFICATION POSITIONING

[Chart: certification courses positioned on two axes, technical focus vs. business focus and general audience vs. niche audience. Key: grey = non-certification course; size of circle = course market share. Courses shown: IT vendors (Cisco, MS, Oracle etc.), ISC(2) CISSP, CompTIA Security+, EC Council Ethical Hacker, EC Council Certified Security Analyst, CISM, ISC(2) SSCP, CLAS, ISO27001 auditor, CESG CCP, CESG CCT, ISACA Cybersecurity Fundamentals Certificate, AXELOS Cyber Practitioner, AXELOS Cyber Foundation, BCS InfoSec Principles.]

RESILIA: CERTIFIED TRAINING

Cyber Resilience Foundation

Course structure: 3-day classroom course or 20 hours of distance learning, optional simulation to start course, Foundation certification multiple choice exam

Learning outcomes:

– How decisions impact good/bad Cyber Resilience

– Comprehensive approach across all areas

– How to make good Cyber Resilience an efficient part of business and operational management

Cyber Resilience Practitioner

Course structure: 2-day classroom course or 15 hours of distance learning, optional simulation to start course, Practitioner certification multiple choice exam, bundled with Foundation as a 5-day course

Learning outcomes:

– What effective Cyber Resilience looks like

– Pitfalls, risk and issues that can easily hit Cyber Resilience

– Getting the best balance of risk, cost, benefits and flexibility within an organization

RESILIA: AWARENESS LEARNING

• Empower all individuals with awareness of cyber risks and their personal responsibilities for the organization’s overall resilience

– Content for regular, continuous learning

– Adaptive and personalised to suit different learning speeds and styles

– Users can learn where and when it suits with minimal disruption to their day to day activities

Learning modules: Phishing, Social engineering, Password safety, Information handling, Online safety, Remote and mobile working, Personal information

Learning formats: Games, Simulations, Videos, eLearning, Tests and refreshers, Animations

RESILIA: CYBER PATHWAY TOOL

• Assess, manage and report on your cyber resilience maturity (v. best practice)

• Map priorities for capability and investment

• Report maturity, priorities, and business outcome to management and the boardroom

RESILIA: LEADER ENGAGEMENT

• Build cyber resilience expertise, insight and action in the boardroom

– Create active understanding of the cyber threat landscape, cyber risks and vulnerabilities

– Create practical knowledge of how to respond and recover in the face of cyber attacks

THE RESILIA PORTFOLIO

Tools and resources that will help you keep

• Your precious information safe

• Your corporate reputation intact

• The confidence of your customers

• A cyber aware and vigilant workforce

RESILIA AND BEYOND

Building the best practice community

Effective cyber resilience involves a multi-disciplinary approach with an organization that encompasses people, process and technology. The RESILIA community will bring together practitioners, decision makers and leaders across a range of core functions.

RESILIA AND BEYOND

• RESILIA™ CPD

– Coming early in 2016

– Completing a RESILIA qualification will earn 15 continuing professional development (CPD) points towards a professional membership

– A route to maintain your RESILIA qualification without re-sitting the exam 

– AXELOS are currently looking at CPD topics and plan to consult the Agile community at a later stage

FOR MORE INFORMATION ABOUT RESILIA PLEASE VISIT:

www.AXELOS.com/RESILIA