RESILIA®

RESILIA is a portfolio of training, learning and certification aimed at building Cyber Resilience across the organization, from the boardroom down. It is underpinned by the RESILIA Cyber Resilience Best Practices Guide and comprises Foundation and Practitioner certifications.

For more information, see our RESILIA section.

RESILIA offers practical guidance, training and learning for the entire organization, including the boardroom, IT, risk and business professionals, so that they better understand the risks and benefits of effective Cyber Resilience.

The Foundation and Practitioner certification is aimed at:

• IT and Security functions: all professionals within IT Service Management, Information Security, Business Analysis, IT Project Management, IT Development, IT and Security Architecture and leadership roles (CTO (Chief Technology Officer), CISO (Chief Information and Security Officer), Head of IT)
• The Risk function: all Risk Management professionals from CRO (Chief Risk Officer), Head of Risk, Risk Manager, Heads of Compliance and Business Continuity to risk and Business Analyst roles
• All core business functions, HR, Finance, Procurement, Operations and Marketing, will benefit from having cyber resilience expertise within the team, often including a local champion or mentor for all staff to refer to. RESILIA certifications are designed for all staff from leadership roles (HR Director, CFO, Operations Director) to management and operational teams.

See our RESILIA Certifications section for more information.

RESILIA best practice uses a lifecycle approach to aid effective deployment and management of Cyber Resilience in an organization. The lifecycles are complementary to ITIL as they follow the same Strategy, Design, Transition, Operation and Continuous Improvement structure.

The best practice covers what activities, controls and management processes should be in each lifecycle. Organizations already using ITIL for service management will find that Cyber Resilience can easily be integrated into their existing management systems, with Cyber Resilience controls and management becoming an extension of existing business-as-usual processes.

See our RESILIA section for more information.

Cyber Resilience is the ability for an organization to resist, respond to and recover from attacks that will impact the information they require to do business.

Traditional approaches to information security focus on an organization’s ability to prevent and detect attacks on its information and assets. This has led to the belief that the solution lies in a series of largely technical controls, as outlined in various standards, which are regularly tested for efficiency and consistency.

The nature and frequency of cyber-attacks has evolved, however so much so that it is no longer a case of if an organization will be attacked, but when. Cyber Resilience reflects this evolution and focuses its efforts on how organizations can also respond to and recover from a cyber-attack.

The best practice guide was authored by:

Stuart Rance, a consultant, trainer and author, and owner of Optimal Service Management Ltd.

Mike St John-Green, an independent consultant in cyber security, currently working with a range of clients, primarily in the City of London and Europe.

Moyn Uddin, an independent information and cyber risk practitioner with nearly 30 years in IT, networking, IT security, information security, governance risk and compliance.

It was also reviewed by a range of experts including:

Nathan Cooper, Capita; Ian Davies, deputy chairman of BMT Group and senior independent director at the Institute of Chartered Accountants in England and Wales (ICAEW) and Harvey Nash; Alan Field, Highdown Management Services Ltd; Darren Hampton, iSolutions, University of Southampton; Noel Hannan, Capita; Alexander Hernandez, KPMG; George Judd and the team at CASK LLC; and Gary Warzala.

Existing certifications like CISSP, CISM and CISA are predominantly aimed at security professionals and as such have a more technical focus. For example, CISSP includes elements of physical security, with strategies and controls designed to prevent and detect cyber to attacks.

RESILIA has been designed to highlight the importance of strategies and controls that respond and recover from attack and is aimed at IT, risk and business professionals, who need a greater understanding of cyber resilience as part of their existing responsibilities and strategies.

See our RESILIA Certifications section for more information.

Many existing frameworks outline a set of controls that an organization should put in place, often for the benefit of proving external assurance.

RESILIA has been designed to complement these existing standards and frameworks by providing guidance on how these controls can be selected, deployed and managed in a way that is appropriate for the specific organization. It enables the wider IT team, and risk and business professionals, to understand why and how they can contribute to both good cyber resilience and existing standards the organization is using.

See our RESILIA Certifications section for more information.

RESILIA offers two levels of certification for IT professionals – Foundation and Practitioner. Foundation requires no pre-requisite qualification, but must be passed before moving onto the practitioner level. The foundation certification comprises three days of learning followed by an examination. The practitioner certification requires an additional two days of training followed by an examination.

See our RESILIA Certifications section for more information.

The RESILIA Foundation and Practitioner certification are available to study through one of our accredited training providers. Find a training provider.

You can opt to self-study towards the foundation certification, but training is mandatory at the practitioner level.

See our RESILIA Certifications section for more information.