RESILIA Foundation Training
Certificate: RESILIA Foundation
Duration: 3 Days
Course Delivery: Classroom, Virtual Classroom
Accreditor: AXELOS
Language: English
Credits: AXELOS CPD (2016)
Course Description:
AXELOS RESILIA™: Cyber Resilience Best Practice is designed to help commercial and government organizations around the world prevent, detect and correct any impact cyber attacks will have on the information required to do business. Adding RESILIA to the existing AXELOS global best practice portfolio, including ITIL® and PRINCE2®, brings a common cyber resilience best practice for security, IT service management and business. Active cyber resilience is achieved through people, process and technology.
The RESILIA Foundation course starts with the purpose, key terms, the distinction between resilience and security, and the benefits of implementing cyber resilience. It introduces risk management and the key activities needed to address risks and opportunities. Further, it explains the relevance of common management standards and best practice frameworks to achieve cyber resilience. Subsequently, it identifies the cyber resilience processes, the associated control objectives, interactions and activities that should be aligned with corresponding ITSM activities. In the final part of the course, it describes the segregation of duties and dual controls related to cyber resilience roles and responsibilities.
Learning Objectives:
Individuals certified at RESILIA Foundation will have demonstrated their knowledge of:
● The purpose, benefits, and key terms of cyber resilience.
● Risk management and the key activities needed to address risks and opportunities.
● The purpose of a management system and how best practices and standards can contribute.
● Cyber resilience strategy, the associated control objectives, and their interactions with ITSM activities.
● Cyber resilience design, the associated control objectives and their interactions with ITSM activities.
● Cyber resilience transition, the associated control objectives, and their interactions with ITSM activities.
● Cyber resilience operation, the associated control objectives, and their interactions with ITSM activities.
● Cyber resilience continual improvement, the associated control objectives, and their interactions with ITSM activities.
● The purpose and benefits of segregation of duties and dual controls.
Prerequisites:
There are no prerequisites for this course.
Follow-on Courses:
RESILIA Practitioner Course.
Course Materials:
Participants receive a copy of the classroom presentation material and a Participant Handbook.
Course Outline:
Module 1: Intro to Cyber Resilience
1.1 Describe what cyber resilience is
1.2 Identify the benefits of cyber resilience
1.3 Identify the terms
1.4 Identify the purpose of balancing
1.5 Identify the need for:
a) Confidentiality
b) Integrity
c) Availability
d) Authentication
e) Nonrepudiation
Module 2: Risk management
2.1 Describe what risk management is
2.2 Identify the purpose of risk management
2.3 Identify the terms: risk, asset, vulnerability, threat
2.4 Describe actions to address risks and opportunities:
a) Establish context
b) Establish criteria for risk assessment and acceptance
c) Risk identification
d) Risk analysis and evaluation
e) Risk treatment
f) Risk monitoring and review
2.5 Identify the terms:
a) Risk register
b) Risk avoidance
c) Risk modification
d) Risk sharing
e) Risk retention
f) Risk treatment plan
g) Defence-in-depth
Module 3: Managing Cyber Resilience
3.1 Identify the purpose and scope of a management system
3.2 Identify the components of a management system
3.3 Recognize the relevance of common management standards and best practice frameworks to cyber resilience
3.4 Describe the difference between management, governance, and compliance
Module 4: Cyber Resilience Strategy
4.1 Identify what cyber resilience strategy is intended to achieve
4.2 Identify cyber resilience activities that should be aligned with IT service strategy
4.3 Describe the purpose and key features of the control objectives
4.4 Identify interactions between the following ITSM processes and cyber resilience
Module 5: Cyber Resilience Design
5.1 Identify what cyber resilience design is intended to achieve
5.2 Identify cyber resilience activities that should be aligned with IT service design
5.3 Describe the purpose and key features of the control objectives
5.4 Identify interactions between the following ITSM processes and cyber resilience
Module 6: Cyber Resilience Transition
6.1 Identify what cyber resilience transition is intended to achieve
6.2 Describe the purpose and key features of the control objectives
6.3 Identify interactions between the following ITSM processes and cyber resilience
Module 7: Cyber Resilience Operation
7.1 Identify what cyber resilience operation is intended to achieve
7.2 Describe the purpose and key features of the control objectives
7.3 Identify interactions between the following ITSM processes and cyber resilience
Module 8: Cyber Resilience Continual Improvement
8.1 Identify what cyber resilience continual improvement is intended to achieve
8.2 Recognise maturity models and their purpose
8.3 Describe the purpose and key features of the control objectives
8.4 Describe how the seven-step improvement process can be used to plan cyber resilience improvements
8.5 Describe how to use ITIL CSI approach to plan cyber resilience improvements
Module 9: Cyber Resilience Roles & responsibilities
9.1 Describe segregation of duties and dual controls
Audience:
The RESILIA Foundation course audience includes all teams across the IT and Risk functions, including:
● IT Service Management
○ Operations and Incident management
○ IT Change & Release management
○ IT Supplier & Vendor management
● Business Analysis and Design
○ Business analysts
○ IT Architects
● Development
● IT Project & Programme Management
● Risk and Compliance
○ Information Security management
○ Business Continuity managers
Examination:
● Syllabus scope: understand and recognize RESILIA™: Cyber Resilience Best Practice
● Bloom’s level: 1-2
● Format: Multiple Choice
● Number of questions: 50
● Duration: 100 minutes
● Exam Format: closed book exam
● Proctoring: Live or Web-proctored
