Focus on control rather than culture limiting cyber resilience, warns AXELOS
AXELOS – the UK Government/Capita joint venture – has warned that organisations which concentrate their time and resources on technology solutions to manage cyber attacks rather than raising employee awareness of cyber resilience risk limiting their ability to prevent and recover from cyber attacks.
Nick Wilding, head of cyber resilience at AXELOS – which today launches the second training course as part of the ITIL-aligned RESILIA Cyber Resilience Best Practice portfolio - said that while businesses are improving the way they detect and contain cyber attacks, more needs to be done to improve resilience and the ability to recover from an attack.
The launch of the new RESILIA Practitioner level follows a recent survey by the Ponemon Institute LLC* which found that only 25% of IT and IT security practitioners rated their organizations’ cyber resilience as high, while just 31% rated their ability to recover from a cyber attack as high. The ability to detect and contain attacks was rated as higher - 44% and 47% respectively.
“For many of those working in information security the typical response to a successful cyber-attack is a comprehensive review of the controls environment, which for many focuses on preventative controls,” said Nick. “It is increasingly clear that this methodology is flawed. Recent events have clearly illustrated that it’s vital that companies have in place strategies that allow them to effectively respond and recover from cyber-attacks.”
To help organizations improve their ability to prevent and respond to cyber attacks, AXELOS recently launched RESILIA, a portfolio of publications, training and awareness tools aimed at putting employees at the centre of an organization’s cyber resilience strategy. The RESILIA Best Practice Guide is aligned with the ITIL – first used in 1989 and now the most widely adopted service management framework used by thousands of organizations worldwide - and illustrates what good cyber resilience looks like, providing practical guidance for its strategy, implementation and management.
The new RESILIA Practitioner level is a two-day course followed by a 50-question exam which aims to equip individuals with practical skills to achieve the best balance of risk, cost, operational benefits and flexibility within an organization. It is open to anyone who has completed the Foundation level, which helps individuals understand how operational decisions can have an impact on good cyber resilience.
Nick said: “RESILIA certifications are an integral part of the portfolio and aim to highlight the importance of strategies and controls that respond and recover from attack. Whereas many existing cyber qualifications are aimed at security professionals and have a more technical focus, RESILIA is aimed at IT, risk and business professionals who need a greater understanding of cyber resilience as part of their existing responsibilities and strategies.”
RESILIA Foundation exams are currently available through selected EIs. More information can be found on the AXELOS website: www.axelos.com/qualifications/resilia-qualifications.