RESILIA - A Cyber Resilience Best Practice Guidance

Cyber resilience is the ability to prevent, detect and correct any impact that incidents have on the information required to do business. In selecting the appropriate balance between prevention, detection and correction, an organization must consider whether cost-effective prevention is viable and whether instead rapid detection and correction can be achieved with an acceptable short-term impact on cyber resilience.


The resilience of information systems has always been vital to the sustainability of businesses and other organizations. The secure use of information technology has for many years been the topic of guidance and standards describing controls to prevent the loss of critical information. However, the emergence and continuing rapid development of the global networked information environment that we call cyberspace has changed the nature of the problem. While this connectivity offers unparalleled opportunities and benefits, the very same mechanisms create complex and continually evolving risks. This guide offers a practical approach to cyber resilience, reflecting the need to detect and recover from incidents, and not rely on prevention alone.

Is this for you? Intended Students 


This Qualification is relevant to all organizations that operate in the digital age and use systems to manage information – for example, organizations that:
● Rely on networked information systems for their operations
● Handle personal data about their customers and their employees
● Possess and employ valuable intellectual property
● Use outsourced IT services
● Provide IT services, either internally or externally.


The primary audience is those who will actively use and reference this publication for their Foundation and Practitioner course/exams and as part of their day-to-day jobs, so these will include:

● Managers who are responsible for staff and processes where cyber resilience practices are required – for example, those processing payment card information, sensitive commercial data or customer communications
● IT service management teams, IT development and security teams, cyber teams and relevant team leaders – those who operate the information systems that the organization relies on
● IT designers and architects – those responsible for the design of the information systems and the controls that provide resilience

What will you learn?


Cyber Resilience Best Practices comprises:


● Introduction: Introduces the concept of cyber resilience.
● Risk management: Describes an approach to risk management.
● Managing cyber resilience: Explains the need for a single management system that will ensure delivery of cyber resilience alongside other business goals.
● Cyber resilience strategy: Addresses the strategy stage of the cyber resilience lifecycle.
● Cyber resilience design: Explains the design stage of the cyber resilience lifecycle.
● Cyber resilience transition: Concerns the transition stage of the cyber resilience lifecycle.
● Cyber resilience operation: Discusses the operation stage of the cyber resilience lifecycle.
● Cyber resilience continual improvement: Addresses the continual improvement stage of the cyber resilience lifecycle.
● Cyber resilience roles and responsibilities: Describes roles and responsibilities necessary to achieve cyber resilience.
● Further research: Provides useful references for further research.

Foundation Exam

1. All 50 questions should be attempted.
2. All answers are to be marked on the answer sheet provided.
3. Please use a pencil and NOT ink to mark your answers on the answer sheet provided. There is only one correct answer per question.
4. You have 1 hour and 40 minutes to complete this paper.
5. You must achieve 33 or more out of a possible 50 marks (65%) to pass this exam.


Practitioner Exam

1. All 50 questions should be attempted. Each question is worth one mark.
2. All answers are to be marked on the answer sheet provided.
3. Use a pencil (NOT ink pen) to mark your answers on the answer sheet provided. There is only one correct answer per question.
4. You have 2 hours and 15 minutes to complete this paper.
5. This is a closed book exam and no material other than the Question Booklet, the Scenario Booklet and the Answer Booklet is to be used.
6. You must achieve 30 or more out of a possible 50 marks (60%) to pass this exam.