Given the relatively low-key launch of RESILIA in June, it would be easy to dismiss this new cyber resilience best practice as just another one of those schemes or standards that you look at next year (or maybe never)!
Published by AXELOS, RESILIA is a best-practice framework designed to build cyber resilience skills and knowledge for managers and staff working in organisations of any size. It has been written as a guide to the practical knowledge required to enhance existing management strategies and to help align cyber resilience with IT operations, security and incident management. Training is an essential element of the framework, and the RESILIA Foundation and Practitioner certification schemes have been introduced to build knowledge and award qualifications.
AXELOS is of course the owner of ITIL®, so it comes as no surprise that RESILIA defines a “process-centric” approach that uses the ITIL lifecycle of “strategy – design – transition – operation – continual improvement”. It is not, however, an extension to ITIL; rather, it has been developed as an independent best-practice framework in its own right. Even so, there is no doubt that its initial target market will be organisations worldwide that have adopted ITIL.
First published cyber resilience best practice
RESILIA is notable for being the first published cyber resilience best practice. It clearly defines the need both for the “preventive” controls of information security and the “responsive” measures of business continuity planning. It also emphasises that risk-based design and implementation of cyber resilience controls can only be delivered successfully through an organisation’s management system, which is in turn driven by its strategic goals.
Although RESILIA does not contain many new ideas, it is a well-written and sophisticated summary of the collective wisdom of an impressive range of existing standards and best-practice documents. These include ISO 27001, NIST, ISO 20000, ISO 22301, COBIT® 5 and ITIL. The ISO 27001:2013 standard is acknowledged as the leading information security standard, and the point that the ITIL lifecycle could be replaced with the ISO 27001 “context – leadership – planning – support – operation – performance evaluation – improvement” process cycle is well made.
RESILIA does an excellent job of defining the benefits and key terms of cyber resilience, and will likely become a significant influence in raising awareness of risk management and the activities needed to address cyber threats. If it follows the same path as ITIL, it should also become a significant influence in the education, training and certification of a new breed of cyber resilience professionals in the future.
Find out more
If you would like to know more about RESILIA, I can recommend that you purchase and read RESILIA™ Cyber Resilience Best Practices. For early adopters, we are also able to offer a place on our new RESILIA™ Foundation training course.