RESILIA™ exam questions: Part One
Blog posted by: Matt Trigg - Managing Director, Zindiak, 05 October 2016.
Cyber security, today, is often very technology-based with a focus on technical issues such as firewalls and virus scanning software.
While technology is an important part of cyber defence, it is important not to neglect strategy when identifying what controls an organization needs for cyber security. Neglecting strategy can also mean omitting the design phase of cyber security, which means many organizations ignore human resource controls, when the facts show that more than 90% of cyber incidents are employee-related! Clearly, cyber resilience requires a more holistic approach than just taking an IT-based perspective.
RESILIA Foundation course - what is it and who is this good for?
As an antidote to the prevailing types of cyber security learning, AXELOS’ RESILIA Foundation course provides people with an overview of cyber security and cyber resilience. It also identifies a lifecycle within which organizations can implement cyber resilience. This includes a structure that helps avoid the pitfalls of immediately turning to technology, without thinking about whether that technology will address any real or perceived cyber security problem.
It also gives organizations a risk management framework, if they don’t have that already, which provides an introduction to risk management from a cyber security point of view.
So, by way of demonstrating some of the areas and issues that RESILIA Foundation addresses, we’re going to look at some example questions from the exam. This will be useful for people already studying or planning to study RESILIA, but will also offer some wider learning points for anyone tasked with responsibility for their organization’s cyber resilience.
EXAMPLE QUESTION: Which is a stakeholder category for a cyber resilience strategy?
For this question, the multiple choice answer options are:
(a) Insurance underwriters
(b) Security standards bodies
(c) Target customer markets
(d) Legal and regulatory authorities
The right response is (d), but why?
Every business has to operate within the law and therefore needs to demonstrate to the legal and regulatory authorities that it has a cyber resilience strategy, which means having a clear approach to protecting important and sensitive information. Any organization handling public data, including personal details of individuals, needs to hold that data securely. While legal and regulatory bodies will take an interest in all organizations, some are subject to greater oversight than others, such as banks and financial services businesses.
Going back to the other answer options, all three are related to cyber resilience but are not stakeholder categories.
- Security standards bodies provide standards that might be helpful to you, and certain target customer markets might have a specific requirement for cyber security (e.g. the nuclear industry or defence industry clients), but they are not stakeholder groups for a cyber resilience strategy.
- The same goes for insurance underwriters, though a company may choose to transfer risk to an insurance company via a cyber insurance policy.
- You should be aware of the requirements of potential customers (who are stakeholders) in different target customer markets, but the markets aren’t stakeholders.
See our RESILIA section for more information.
Read Matt's previous AXELOS blog post, A culture of success: the thread that links PRINCE2 Agile, RESILIA and ITIL Practitioner.