Cyber Resilience RESILIA® Foundation

• The Cyber Resilience RESILIA Foundation course starts with the purpose, key terms, the distinction between resilience and security, and the benefits of implementing cyber resilience. It introduces risk management and the key activities needed to address risks and opportunities. Further, it explains the relevance of common management standards and best practice frameworks to achieve cyber resilience. Subsequently, it identifies the cyber resilience processes, the associated control objectives, interactions and activities that should be aligned with corresponding IT Service Management activities. In the final part of the course, it describes the segregation of duties and dual controls related to cyber resilience roles and responsibilities.

Module 1: Intro to Cyber Resilience

• 1.1 Describe what cyber resilience is

• 1.2 Identify the benefits of cyber resilience

• 1.3 Identify the terms

• 1.4 Identify the purpose of balancing

• 1.5 Identify the need for:

• a) Confidentiality

• b) Integrity

• c) Availability

• d) Authentication

• e) Nonrepudiation

Module 2: Risk management

• 2.1 Describe what risk management is

• 2.2 Identify the purpose of risk management

• 2.3 Identify the terms: risk, asset, vulnerability, threat

• 2.4 Describe actions to address risks and opportunities:

• a) Establish context

• b) Establish criteria for risk assessment and acceptance

• c) Risk identification

• d) Risk analysis and evaluation

• e) Risk treatment

• f) Risk monitoring and review

• 2.5 Identify the terms:

• a) Risk register

• b) Risk avoidance

• c) Risk modification

• d) Risk sharing

• e) Risk retention

• f) Risk treatment plan

• g) Defence-in-depth

Module 3: Managing Cyber Resilience

• 3.1 Identify the purpose and scope of a management system

• 3.2 Identify the components of a management system

• 3.3 Recognize the relevance of common management standards and best practice frameworks to cyber resilience

• 3.4 Describe the difference between management, governance, and compliance

Module 4: Cyber Resilience Strategy

• 4.1 Identify what cyber resilience strategy is intended to achieve

• 4.2 Identify cyber resilience activities that should be aligned with IT service strategy

• 4.3 Describe the purpose and key features of the control objectives

• 4.4 Identify interactions between the following IT service management processes and cyber resilience

Module 5: Cyber Resilience Design

• 5.1 Identify what cyber resilience design is intended to achieve

• 5.2 Identify cyber resilience activities that should be aligned with IT service design

• 5.3 Describe the purpose and key features of the control objectives

• 5.4 Identify interactions between the following IT service management processes and cyber resilience

Module 6: Cyber Resilience Transition

• 6.1 Identify what cyber resilience transition is intended to achieve

• 6.2 Describe the purpose and key features of the control objectives

• 6.3 Identify interactions between the following IT service management processes and cyber resilience

Module 7: Cyber Resilience Operation

• 7.1 Identify what cyber resilience operation is intended to achieve

• 7.2 Describe the purpose and key features of the control objectives

• 7.3 Identify interactions between the following IT service management processes and cyber resilience

Module 8: Cyber Resilience Continual Improvement

• 8.1 Identify what cyber resilience continual improvement is intended to achieve

• 8.2 Recognise maturity models and their purpose

• 8.3 Describe the purpose and key features of the control objectives

• 8.4 Describe how the seven-step improvement process can be used to plan cyber resilience improvements

• 8.5 Describe how to use ITIL CSI approach to plan cyber resilience improvements

Module 9: Cyber Resilience Roles & responsibilities

• 9.1 Describe segregation of duties and dual controls