I have recently completed an online course at the University of Adelaide that was named ‘Cyberwar, Surveillance and Security’. I found the subjects absolutely fascinating. The aspect of protecting data and establishing laws around the international cyberspace was really exciting for me. As I am also working in IT Service Management (ITSM) I am very familiar with designing mature and secure IT service environments. Some time ago I was looking for material that would aid me with risk management around IT and data security. I found a few things but nothing that could have been compared to what ITIL is for ITSM.
Now the news is, there is such a methodology along with a course to learn the practices and theory. It’s called RESILIA and has been prepared by AXELOS, who also worked on other methodologies such as ITIL, PRINCE2, MSP, M_o_R, P3O, MoP and MoV. RESILIA focuses on aspects of risk management, security awareness, information security, social engineering, designing secure solutions, datability in technical and non-technical ways. Do you remember the cyber-attack on Sony Pictures towards the end of last year? Former employees confirmed that the technical security measures were a joke and thus it was only a matter of time until an attacker would start a successful attack. They lost more than mere money and maybe all that could have been prevented by following the processes explained in the RESILIA courses.
An Information Security Nightmare
Not long ago the electronics and entertainment giant Sony had quite serious problems when it came under cyber-attack. Have you kept up with the news and investigated what happened there? You would think that such a techie enterprise is fully equipped and can proficiently protect its business data along with its client data. Just imagine the following had happened to your company. How would you react, and could you maybe have prevented it? The Sony Pictures case starts with day one being the 24th of November 2014.
Prevention
There have been books and guidelines before that could possibly aid initiatives for better Cyber Resilience, but no viable courses that could have been considered an industry standard. There are technical document sets that help you set up your IT environment in a way that could be considered secure but maybe not resilient against malicious attacks. There are also frameworks for risk management in general, such as ISO/IEC 27001, 27005 and 31010, but will they really help beyond best-effort risk management? Maybe not.
Only very recently AXELOS (who you might know for other frameworks such as ITIL) has launched their RESILIA courses for Cyber Resilience on many levels. Unlike other frameworks, the RESILIA course follows a holistic approach with its learning material and teaches how an organization can resist cyber-attacks as well as how to respond to and recover from them.
RESILIA also helps to build awareness of the risks introduced by engaging all levels of staff starting with the boardroom and following down towards the base of operations for a holistic problem prevention.
The material, which is taught only through accredited partners, was prepared by a team of known industry experts. The best practice guide was prepared by Stuart Rance, Mike St John-Green and Moyn Uddin, people I know and appreciate for what they do in the industry. The material was also reviewed by numerous experts in the field to make sure that the guidelines are valid and applicable to all types of environments.
Who Is the Course For?
Those of you who have met me possibly know that when it comes to learning and joining courses, I am always the one who yells “Here, me! I’ll do that!” But if you are considering this course not for yourself but for someone else in your organization, I would recommend it for roles and functions such as key individuals from ITSM, Information Security, Business Analysis, IT Project Management, IT Development, IT and Security Architecture, and leadership roles such as the CTO/CIO, CISO/TISO or possibly even the IT Director. From my experience, however, I recommend letting several people across teams and regions complete the RESILIA course so that their activities can complement the overall effort. Having a lone sheriff often does not work out for the best, and I’m sure you are familiar with such a scenario as well.
Can You Afford the Training?
No, let me put it differently. Can you afford to ignore the risk? If you are running a kiosk, the worst thing that could happen is that someone causes damage to your business by disrupting systems or plainly taking money. If you are running a more complex operation with more responsibility in what you do, possibly even on a global scale, not being resilient to cyber-attacks could cause not only business and PR damage but cost the lives of people. If we are talking pharmaceutics or health care in general, falsified data can be fatal. If you are in the energy sector, the complexity risks are almost impossible to assess. If you manufacture cars, whole series might be produced with defects that could cause grave accidents. If you are in aviation, any mistake in handling aircraft systems could cause problems that nobody can accept. Cyber-attacks with the intent to hurt businesses are terrible. You might lose money, clients and reputation, but if you are at any point dealing with the health and safety of humans, you are responsible for securing the technology that you leverage in order to deliver your services. If you are dealing with national security at governmental level, the RESILIA course should be mandatory for everybody.
Best Way to Do the Course
We recently featured ITSM Zone and their latest service offerings, so we were happy to see that they already have the RESILIA courses in their portfolio as well. It’s very convenient to do the RESILIA course at ITSM Zone because you can do it online in your own time within a 30- or 60-day time window. That saves you a lot of time and money that you would otherwise have spent on travel and hotel accommodation (these costs often exceed the actual training cost as well), and on top of that you still get the hard copy book. You can do the course online starting at 649 USD, which in my opinion is a really fair price with good added value. After your training course you should also take your exam with ITSM Zone so you get a proper certification for your CV as well. You can do that online too; it will take about 110 minutes, with about 50 questions, of which at least 33 need to be correct in order to pass.
Have fun with your course, good luck and stay resilient!
YouTube: The ITSM Crowd – Cyberarmageddon
Photo credit: Robin Gist