RESILIA™ exam questions: Part One
Blog posted by: Matt Trigg - Managing Director, Zindiak, 05 October 2016.
Cyber security, today, is often very technology-based with a focus on technical issues such as firewalls and virus scanning software.
While technology is an important part of cyber defence, it is important not to neglect strategy in identifying what controls an organization needs with regard to cyber security. A technology-first focus can also mean omitting the design phase of cyber security, which means many organizations ignore human resource controls, when the facts show that more than 90% of cyber incidents are employee-related! Clearly, cyber resilience requires a more holistic approach than just taking an IT-based perspective.
RESILIA Foundation course - what is it and who is this good for?
As an antidote to the prevailing types of cyber security learning, AXELOS’ RESILIA Foundation course provides people with an overview of cyber security and cyber resilience. It also identifies a lifecycle within which organizations can implement cyber resilience. This includes a structure that helps avoid the pitfalls of immediately turning to technology, without thinking about whether that technology will address any real or perceived cyber security problem.
It also gives organizations a risk management framework, if they don’t have that already, which provides an introduction to risk management from a cyber security point of view.
So, by way of demonstrating some of the areas and issues that RESILIA Foundation addresses, we’re going to look at some example questions from the exam. This will be useful for people already studying or planning to study RESILIA, but will also offer some wider learning points for anyone tasked with responsibility for their organization’s cyber resilience.
EXAMPLE QUESTION: Which is a stakeholder category for a cyber resilience strategy?
For this question, the multiple choice answer options are:
(a) Insurance underwriters
(b) Security standards bodies
(c) Target customer markets
(d) Legal and regulatory authorities
The right response is (d), but why?
Every business has to operate within the law and therefore needs to demonstrate to the legal and regulatory authorities that it has a cyber resilience strategy, which means having a clear approach to protecting important and sensitive information. Any organization handling public data, including personal details of individuals, needs to hold that data securely. While legal and regulatory bodies will take an interest in all organizations, some are subject to greater oversight than others, such as banks and financial services businesses.
Going back to the other answer options, all three are related to cyber resilience but are not stakeholder categories.
- Security standards bodies provide standards that might be helpful to you, and certain target customer markets might have a specific requirement for cyber security (e.g. the nuclear industry or defence industry clients), but neither is a stakeholder group for a cyber resilience strategy.
- The same goes for insurance underwriters, though a company may choose to transfer risk to an insurance company via a cyber insurance policy.
- You should be aware of the requirements of potential customers (who are stakeholders) in different target customer markets, but the markets themselves aren’t stakeholders.
See our RESILIA section for more information.
Read Matt's previous AXELOS blog post, A culture of success: the thread that links PRINCE2 Agile, RESILIA and ITIL Practitioner.