COURSE DESCRIPTION:
AXELOS RESILIA™: Cyber Resilience Best Practice
is designed to help commercial and government organizations around the
world prevent, detect and correct any impact cyber attacks will have
on the information required to do business. Adding RESILIA to the
existing AXELOS global best practice portfolio, including ITIL® and
PRINCE2®, brings a common cyber resilience best practice for
security, IT service management and business. Active cyber resilience
is achieved through people, process and technology.
The RESILIA™ Practitioner course starts by revisiting the concepts
and knowledge acquired in the Foundation course and requires you to
bring that knowledge into practical activities in interesting
real-life scenarios. The course begins with distinguishing among the
terms: asset, risk, threat and vulnerability. It determines the key
activities needed to address risks and opportunities as well as to
create and manage a risk register and a risk treatment plan. Further,
it explains the purpose and use of the control objectives for cyber
resilience processes, and the interactions and activities that are
aligned with corresponding ITSM activities. In the final part of the
course, it describes the application of the seven-step improvement
process to plan cyber resilience improvements, the ITIL CSI approach
to cyber resilience and the segregation of duties and dual controls
related to cyber resilience roles and responsibilities.
COURSE TOPICS:
MODULE 1 : COURSE INTRODUCTION
● Let us get to know each other
● Course learning objectives
● Course agenda
● Activities
● Module end questions
● Course book structure
● RESILIA certification
MODULE 2 : RISK MANAGEMENT
● Distinguish between the terms: risk, asset,
vulnerability, threat
● Determine the actions needed to address risks and
opportunities and explain their purpose
● Create and manage a:
    ● Risk register
    ● Risk treatment plan
MODULE 3 : CYBER RESILIENCE STRATEGY
● Explain the purpose and use of the control objectives:
    ● Establish governance
    ● Manage stakeholders
    ● Identify and categorize stakeholders
    ● Create and manage cyber resilience policies
    ● Manage audit and compliance
● Explain how ITSM processes and cyber resilience interact
MODULE 4 : CYBER RESILIENCE DESIGN
● Explain the purpose and use of the control objectives:
    ● Human resource security
    ● System acquisition, development, architecture and design
    ● Supplier and 3rd party security
    ● Endpoint security
    ● Cryptography
    ● Business continuity
● Explain how ITSM processes and cyber resilience interact
MODULE 5 : CYBER RESILIENCE TRANSITION
● Explain the purpose and use of the control objectives:
    ● Asset management and configuration management
    ● Classification and handling
    ● Data transportation and removable media
    ● Change management
    ● Testing
    ● Training
    ● Documentation management
    ● Information retention
    ● Information disposal
● Explain how ITSM processes and cyber resilience interact
MODULE 6 : CYBER RESILIENCE OPERATION
● Explain the purpose and use of the control objectives:
    ● Access control
    ● Network security management
    ● Physical security
    ● Operations security
    ● Incident management
● Explain how ITSM processes and cyber resilience interact
MODULE 7 : CYBER RESILIENCE CONTINUAL IMPROVEMENT
● Explain the purpose and use of the control objectives:
    ● Audit and review
    ● Control assessment
    ● Key Performance Indicators
    ● Business continuity improvements
    ● Process improvements
    ● Remediation and improvement planning
● Apply the seven-step improvement process to plan cyber
resilience improvements
● Apply the ITIL CSI approach to cyber resilience
MODULE 8 : SEGREGATION OF DUTIES AND DUAL CONTROLS
● Apply the concepts of segregation of duties and dual
controls to an organizational context
LEARNING GOALS:
● Be able to carry out risk management.
● Be able to manage the controls relevant to cyber
resilience strategy and align these with IT service management (ITSM).
● Be able to manage the controls relevant to cyber
resilience design and align these with ITSM.
● Be able to manage the controls relevant to cyber
resilience transition and align these with ITSM.
● Be able to manage the controls relevant to cyber
resilience operation and align these with ITSM.
● Be able to manage the controls relevant to cyber
resilience continual improvement and align these with ITSM.
● Be able to evaluate the need for segregation of duties and
dual controls.
COURSE AGENDA
DAY 1
● Course Introduction
● Risk Management
● Cyber Resilience Strategy
● Cyber Resilience Design
DAY 2
● Recap and discussion
● Cyber Resilience Transition
● Cyber Resilience Operation
● Cyber Resilience Continual Improvement
● Segregation of Duties and Dual Controls
WHO CAN ATTEND?
The RESILIA™ Practitioner course audience includes all teams across
the Business, IT and Risk functions, including:
● IT Service Management
● Operations and Incident management
● IT Change & Release management
● IT Supplier & Vendor management
● Business Analysis and Design
● Business analysts
● IT Architects
● Development
● IT Project & Programme Management
● Risk and Compliance
● Information Security management
● Business Continuity managers
15/07/2020 Last update