Page 1: KEEPING THE VALUE OF YOUR ORGANIZATION, WITHIN YOUR ORGANIZATION AXELOS.COM.

KEEPING THE VALUE OF YOUR ORGANIZATION, WITHIN YOUR ORGANIZATION

AXELOS.COM


AGENDA

Information, value and cyber resilience

Introducing RESILIA

How RESILIA builds resilience

The benefits

The portfolio

The future


INFORMATION AND VALUE

• Your precious information

– Customer/client data

– Operational data

– Market data

– Operational documents and insight

– Confidential data and IP

• Enabled by IT systems (which can be hacked or compromised) – and now critical to success


BEYOND IT

THE HUMAN FACTOR

• Organizational value resides in data plus people – (information + intelligence = knowledge and ability)

• The “system” is technology plus people

• People/behaviours cause most vulnerabilities

• Narrow focus on IT won’t align strategy, operations and people

• Need to look beyond IT security – to cyber resilience


WILL YOUR INFORMATION BE COMPROMISED?

• The risks are high.

– 73% of large organizations suffered from infection by viruses or malicious software in the past year (BIS, 2014 Information Security Breaches Survey)

– 37.3 million users experienced phishing attacks in 2013 (Kaspersky Lab)

– 95% of security incidents involve human (IBM 2014 Cyber Security Intelligence Index report)

– 50% of users open emails and click on phishing links within the first hour (Verizon 2015 Data Breach Investigations Report)


INTRODUCING CYBER RESILIENCE

• Cyber resilience is about keeping data safe, but critically…

• It’s about keeping the value tied to that data safe

• It’s about how you minimise damage and come through attack or security failure

• It’s about how you prevent, detect, respond and recover


BARRIERS TO CYBER RESILIENCE?

• Lack of awareness (board level down)

• Silo thinking (“it’s an IT problem”)

• Narrow focus on regulatory compliance, not risk

• Confusion about what “good” looks like

• Cyber resilience demands a “whole system” view (technology and people)

– Cyber resilience has to be part of your organisational culture…

– This is why you need RESILIA


RISKS TO VALUE

• Loss of corporate reputation and customer trust

• Financial loss and reduced productivity

• Regulatory fines

• Reduced competitive advantage through IP theft

• (Damaged personal reputations)


WHAT IS RESILIA?

RESILIA is a portfolio of training, learning and certification aimed at building cyber resilience across the organization, from the boardroom down. Underpinned by Cyber Resilience Best Practices, it comprises:

• Foundation and Practitioner Certifications

• Organization-wide awareness learning

• Cyber Pathway Tool

• Leadership engagement

• Professional Development Programme.


WHAT WILL YOU GAIN (AND KEEP)?

• clarity and confidence throughout your organization as it responds to a cyber attack

• best practice disciplines – encompassing people, process and technology, whatever your organization’s size

• enhanced management strategies

• aligned IT operations, security and incident management

• secured value


WHAT WILL YOU GAIN (AND KEEP)?

• The right ingredients for effective cyber resilience

– Common language across IT and non-IT teams

– Enhanced collaboration

– Enhanced control, reporting and good governance

• A framework to exploit ITIL best practice investments

• Higher levels of certified staff


RESILIA: THE PORTFOLIO

Best Practice Guide: Core practical guidance for strategy, implementation and management: “what good looks like”

Individual Awareness Learning & Know-how: All staff across an organisation

IT teams and data owners/managers

Membership & CPD: IT teams and data owners/managers

Leader Engagement: Leadership team across an organisation

Management Pathway Tool

Foundation & Practitioner Training


Who is it for?

The Foundation and Practitioner certification is aimed at:

– IT and security functions

– Risk and compliance functions

– Core business functions including HR, Finance, Procurement, Operations and Marketing.

The awareness learning is for the entire organization.

The leadership engagement delivers specialised training and learning for the leaders within an organization


RESILIA: BEST PRACTICE

• The management processes you need to embed across the organization (large or small)

• An organization-wide management system involving people, process and technology

• Practical, pragmatic guidance aligned with common approaches and standards

• Structure follows the proven ITIL lifecycle used by thousands of organizations across the world


RESILIA: CERTIFIED TRAINING

• Foundation and Practitioner courses for global certified training

• Link cyber resilience to business strategy

• Enable effective resilience based on best practice and repeatable processes

• Create individual expertise in

– risk and vulnerability assessment

– the selection of appropriate controls, including their structured implementation and management


RESILIA: CERTIFICATION POSITIONING

[Figure: chart positioning certifications and courses on two axes, TECHNICAL FOCUS to BUSINESS FOCUS and GENERAL AUDIENCE to NICHE AUDIENCE. Key: grey = non-certification course; size of circle = course market share.]

Courses shown: IT vendors (Cisco, MS, Oracle etc.); ISC(2) CISSP; CompTIA Security+; EC Council Ethical Hacker; EC Council Certified Security Analyst; CISM; ISC(2) SSCP; CLAS; ISO27001 auditor; CESG CCP; CESG CCT; ISACA Cybersecurity Fundamentals Certificate; AXELOS Cyber Practitioner; AXELOS Cyber Foundation; BCS InfoSec Principles


RESILIA: CERTIFIED TRAINING

Cyber Resilience Foundation

• Course structure: 3-day classroom course or 20 hours of distance learning, optional simulation to start course, Foundation certification multiple choice exam

• Learning outcomes

– How decisions impact good/bad Cyber Resilience

– Comprehensive approach across all areas

– How to make good Cyber Resilience an efficient part of business and operational management

Cyber Resilience Practitioner

• Course structure: 2-day classroom course or 15 hours of distance learning, optional simulation to start course, Practitioner certification multiple choice exam, bundled with Foundation as a 5 day course

• Learning outcomes

– What effective Cyber Resilience looks like

– Pitfalls, risk and issues that can easily hit Cyber Resilience

– Getting the best balance of risk, cost, benefits and flexibility within an organization


RESILIA: AWARENESS LEARNING

• Empower all individuals with awareness of cyber risks and their personal responsibilities for the organization’s overall resilience

– Content for regular, continuous learning

– Adaptive and personalised to suit different learning speeds and styles

– Users can learn where and when it suits with minimal disruption to their day to day activities


RESILIA: AWARENESS LEARNING

Learning modules

• Phishing

• Social engineering

• Password safety

• Information handling

• Online safety

• Remote and mobile working

• Personal information

Learning formats

• Games

• Simulations

• Videos

• eLearning

• Tests and refreshers

• Animations


RESILIA: CYBER PATHWAY TOOL

• Assess, manage and report on your cyber resilience maturity (v. best practice)

• Map priorities for capability and investment

• Report maturity, priorities, and business outcome to management and the boardroom


RESILIA: LEADER ENGAGEMENT

• Build cyber resilience expertise, insight and action in the boardroom

– Create active understanding of the cyber threat landscape, cyber risks and vulnerabilities

– Create practical knowledge of how to respond and recover in the face of cyber attacks


THE RESILIA PORTFOLIO

Tools and resources that will help you keep

• Your precious information safe

• Your corporate reputation intact

• The confidence of your customers

• A cyber aware and vigilant workforce


RESILIA AND BEYOND

Building the best practice community

Effective cyber resilience involves a multi-disciplinary approach within an organization that encompasses people, process and technology. The RESILIA community will bring together practitioners, decision makers and leaders across a range of core functions.


RESILIA AND BEYOND

• RESILIA™ CPD

– Coming early in 2016

– Completing a RESILIA qualification will earn 15 continuing professional development (CPD) points towards a professional membership

– A route to maintain your RESILIA qualification without re-sitting the exam 

– AXELOS are currently looking at CPD topics and plan to consult the Agile community at a later stage


FOR MORE INFORMATION ABOUT RESILIA PLEASE VISIT:

www.AXELOS.com/RESILIA