Agenda
Best practice overview
Certification syllabus and exam overview
Q&A
@StuartRance
Publication structure
1. Introduction
2. Risk management
3. Managing cyber resilience
4. Cyber resilience strategy
5. Cyber resilience design
6. Cyber resilience transition
7. Cyber resilience operation
8. Cyber resilience continual improvement
9. Roles and responsibilities
Case study organizations: MedUServ and MakeUGoods
Retail organization
- International
- Large internet presence
- Many physical stores
- Worry about payment card data breaches
- PCI-DSS compliant
Manufacturing
- One country
- Secret production methods
- Customers in the defence industry
- SCADA systems
- Worry about leaked secrets and lost production
1. Introduction
Cyber resilience is not just information security
More focus on network connectivity and the internet
2. Risk management
Cyber resilience is largely about managing risks
ITIL
ISO/IEC 27001, ISO/IEC 20000-1
ISO 31000, Management of Risk (M_o_R)
ISO 9001, ISO 22301
COBIT 5
NIST Framework for improving Critical Infrastructure Security
4 to 8 questions: examples
Strategy: How effective is governance of cyber resilience in your organization? Are the right people involved? What could be improved?
Design: To what extent does your organization risk assess its supply chain?
Continual improvement: How do you measure the effectiveness of your controls?
Establish governance
Manage stakeholders
Create and manage policies
Manage audit and compliance
HR security
System acquisition, development, architecture & design
Supplier and third party security
Endpoint security
Cryptography
Business continuity management
Access control
Network security management
Physical security
Operations security
Cyber resilience incident management
RESILIA Foundation
Similar to other Axelos foundation certifications
Three day training course (online or face-to-face)
50 question multiple choice exam
Covers all chapters of the publication
RESILIA Practitioner
Similar to other Axelos practitioner certifications
Foundation is a prerequisite
Two day training course (online or face-to-face)
50 question multiple choice exam
With a case study and scenarios
More complex questions, but still only one correct answer
Q&A
Thank you
StuartR@optimalservicemanagement.com