RESILIA – What is it?

RESILIA is a management framework to help organisations prepare themselves to deal with the increasing range and complexity of cyber threats.

RESILIA has been developed by Axelos, the organisation responsible for other best practice guidance such as ITIL and PRINCE2.


In addition to the RESILIA manual there is an associated training and qualification structure designed to build awareness of cyber security risks in order that they can be addressed more effectively.

RESILIA provides a management approach to assist organisations with their compliance needs, complementing new and existing policies and frameworks.

It has been developed by experts in hands-on cyber resilience and systems management, working closely with subject and technology experts in cyber security assessment.

What are the RESILIA courses and qualifications?

The RESILIA Foundation course provides an overview of the framework and essential terminology. There are no pre-requisites so it is suitable both for those needing general awareness of cyber resilience and those who will go on to assume responsibility for actively managing cyber security risk.

The Foundation is taught as a 3 day classroom course with the exam on the final afternoon. The exam is a 100 minute, 50 question multiple choice paper.

The Practitioner course applies the theory to real-life scenarios, so it is suited to those needing the practical skill sets to achieve an optimal balance of cost, risk and operational benefits within the organisation. Training dates will be announced shortly.

Cyber Security v Information Security

RESILIA sticks firmly to the terminology of cyber security and cyber resilience. The term “cyber” denotes focus on threats arising from “cyber-space”. It is clearly topical given the regular attacks and fraudulent activity experienced by all types of organisation via the web.

Some would argue that it becomes an exercise in pointless semantics to try to disentangle cyber threats from the broader topic of information security or information assurance. However, there is no doubt that, as customer and supplier engagement has gone online and as cloud-based services increase, the nature of security has changed out of all recognition.

Who is RESILIA for?

RESILIA is aimed at professionals with responsibility for IT and security functions or risk and compliance operations within an organisation.

But it is not just for IT specialists.

It is increasingly appropriate for there to be a cyber-resilience champion in HR, Finance, Procurement, Operations and Marketing teams.

The content within RESILIA is not “IT technical”. It is in many ways the application of formal risk management techniques to cyber security threats. Cyber resilience failures do not just have technical consequences; reputational damage, loss of service and legal infringements can often result.

What’s in RESILIA?

RESILIA is embodied within a cycle of continuous improvement. In that sense it draws significantly on ITIL, which provides a framework for effective IT service management. Those familiar with ITIL will recognise the key elements:

  • Cyber resilience strategy
  • Cyber resilience design
  • Cyber resilience transition
  • Cyber resilience operation
  • Cyber resilience continual improvement

There is strong linkage to MoR, another set of Axelos best practice guidance. MoR provides a framework for organisations to manage all types of risk in a structured and professional manner.

For effective cyber resilience, Resilia explains that an organisation must strike the right balance between three types of control activity:

Preventative
To prevent incidents that jeopardize cyber resilience

Detective
To identify the occurrence of an incident

Corrective
To respond to the incident and recover from the situation.

RESILIA places cyber resilience as complementary to other aspects of information security. It emphasises people and management processes over technology, and the fit with other frameworks such as COBIT and ISO27001 is explained.

What it is not

The RESILIA manual covers all aspects of cyber resilience. It provides organisations with a methodology for its implementation but does not provide detailed and prescriptive instructions on the implementation of individual cyber resilience controls.

Selection of specific controls depends on the risks arising in the context of the particular business and the environment in which the business is operating. For proportionate cyber resilience measures, effective risk management is a key foundation.