RESILIA™ exam questions: Part One

5 Oct 2016 03:20 PM

Blog posted by: Matt Trigg - Managing Director, Zindiak, 05 October 2016.


Cyber security, today, is often very technology-based with a focus on technical issues such as firewalls and virus scanning software.

While technology is an important part of cyber defence, it is important not to neglect strategy when identifying what controls an organization needs with regard to cyber security. A technology-only focus can also mean omitting the design phase of cyber security, which is why many organizations ignore human resource controls, when the facts show that more than 90% of cyber incidents are employee-related! Clearly, cyber resilience requires a more holistic approach than just taking an IT-based perspective.

RESILIA Foundation course - what is it and who is this good for?

As an antidote to the prevailing types of cyber security learning, AXELOS’ RESILIA Foundation course provides people with an overview of cyber security and cyber resilience. It also identifies a lifecycle within which organizations can implement cyber resilience. This includes a structure that helps avoid the pitfalls of immediately turning to technology, without thinking about whether that technology will address any real or perceived cyber security problem.

It also gives organizations that don’t already have one a risk management framework, introducing risk management from a cyber security point of view.

So, by way of demonstrating some of the areas and issues that RESILIA Foundation addresses, we’re going to look at some example questions from the exam. This will be useful for people already studying or planning to study RESILIA, but will also offer some wider learning points for anyone tasked with responsibility for their organization’s cyber resilience.

EXAMPLE QUESTION: Which is a stakeholder category for a cyber resilience strategy?

For this question, the multiple choice answer options are:

(a) Insurance underwriters
(b) Security standards bodies
(c) Target customer markets
(d) Legal and regulatory authorities

The right response is (d), but why?

Every business has to operate within the law and therefore needs to demonstrate to the legal and regulatory authorities that it has a cyber resilience strategy, which means having a clear approach to protecting important and sensitive information. Any organization handling public data, including personal details of individuals, needs to hold that data securely. While legal and regulatory bodies will take an interest in all organizations, some are subject to greater oversight than others, such as banks and financial services businesses.

Going back to the other answer options, all three are related to cyber resilience but are not stakeholder categories.


Read Matt's previous AXELOS blog post, A culture of success: the thread that links PRINCE2 Agile, RESILIA and ITIL Practitioner.