CISO’s personal library on managing risk for their organization.
Jun 19 2015
Cyber Resilience Best Practices
Cyber Resilience
RESILIA™ Cyber Resilience Best Practices
AXELOS’s new guide RESILIA™ Cyber Resilience Best Practices provides a methodology for detecting and recovering from cyber security incidents using the ITIL lifecycle
RESILIA™ Cyber Resilience Best Practices
Best guide on Cyber Resilience on the web – Cyber Resilience Best Practices
is part of the AXELOS RESILIA™ portfolio.
RESILIA™ Cyber Resilience Best Practices is aimed at anyone that is responsible for staff or processes that contribute to the cyber resilience of the organization.
The methodology outlined in this manual has been designed to complement existing policies and frameworks, helping create a benchmark for cyber resilience knowledge and skills.
- Designed to help organizations better prepare themselves to deal with the increasing range and complexity of cyber threats.
- Provides a management approach to assist organizations with their compliance needs, complementing new and existing policies and frameworks.
- Developed by experts in hands-on cyber resilience and systems management, working closely with subject and technology experts in cyber security assessment.
- Supports the best-practice training and certification that is available to help organizations educate their staff by providing a defined benchmark for cyber resilience knowledge and skills.
- Aligned with ITIL®, which is the most widely accepted service management framework. The best practice is equally suitable for organizations to adopt within other systems, such as COBIT® and organization-specific frameworks.
Target market
- Managers who are responsible for staff and processes where cyber resilience practices are required – for example those processing payment card information, sensitive commercial data or customer communications.
- IT service management teams, IT development and security teams, cyber teams and relevant team leaders that operate the information systems that the organization relies on.
- IT designers and architects, those responsible for the design of the information systems and the controls that provide resilience.
- The chief information security officer (CISO), the chief security officer (CSO), IT director, head of IT and IT managers.
Related articles
Nov 05 2013
When can we become certified to ISO/IEC 27001:2013?
ISO27001:2013
 ISO27001: 2013 – order your copy today >>>
When can we become certified to ISO/IEC 27001:2013?
by Lewis Morgan @ ITG
At this moment in time, we can only provide an estimate which is based on the insight provided by Chair of the UK ISO/IEC 27001 User Group and Director of consultancy at IT Governance Ltd, Steve Watkins. Considering Steve’s position, we believe his estimates to be the best guidelines an organization can follow.
The following is directly taken from the ISO27001:2013 Transition Webinar by Steve Watkins
“It’s likely that as of 1st January 2014, certification bodies will be able to start the transition to the 2013 version of ISO27001 standard. If that is indeed the case, it’s likely to be that as of 30th September, no new ISO27001:2005 certificates can be issued. This means that by the end of September 2016 all ISO27001:2005 certificates should have transitioned to the 2013 version of the standard”
The image below further illustrates what Steve discussed on the webinar, including his suggestions in terms of what organizations should do next.
Related articles
May 20 2013
A Guide to Data Security and ISO27001/ISO27002
IT Governance 5: An International Guide to Data Security and ISO27001/ISO27002
This manual provides clear, unique guidance for both technical and non-technical managers. It details how to design, implement and deliver an ISMS that complies with ISO 27001.
Now in its fifth edition, this title has been fully updated to take account of the latest regulatory and technological developments, and the International Board for IT Governance Qualifications
Related articles
Jan 31 2013
New Draft ISO27001 and ISO27002 Standards
Industry Update
New Draft ISO27001 and ISO27002 Standards
It has been announced that new Drafts of the two international information security standards ISO27001 (ISMS Requirements) and ISO27002 (Code of Practice) have been published.
These Drafts have been published for the purpose of public consultation. As these are international standards, the consultation process operates internationally, via national standards bodies.
Anyone can comment on the proposed standard and all the comments will then be assembled and reviewed by the committee. The public consultation period closes on 23 March 2013.
To help you understand the proposed changes and implications of these new draft standards we have created an information page.
Click here to read in full about the ISO27001/ISO27002: 2013 Draft Standards
You can also purchase your own copies of the draft standards here:
We will keep you updated with the progress of these standards. Once the new standards are officially published, the existing standards will be withdrawn, however there will be a transition timetable that enables organisations to move from the existing standard to the new one.
Click here to read in full about the ISO27001/ISO27002: 2013 Draft Standards
Related articles
Jan 11 2010
Long Awaited ISO/IEC 27004:2009
Security Metrics: Replacing Fear, Uncertainty, and Doubt
The long awaited international standard on Information Security Measurement, ISO/IEC27004:2009, is now available.
It’s a must have –
To Download a copy of ISO27004 – Information Security Metrics
Key Features and Benefits:
• Provides guidance on the development, implementation use of metrics to measure the effectiveness of an ISO 27001-compliant ISMS, controls or groups of controls. Helping you to quantify the payback to your organisation of implementing an ISMS.
• Covers not just the development, implementation and use of metrics, but also the communication of the results. Helping you to ensure management buy-in for future projects.
• The use of this standard provides opportunities to identify areas in need of improvement, facilitating continual improvement. Thus leading more secure information, cost savings and increases in efficiency.
If you have not claibrated the model with measurement, only one thing is certain: You will either overspend or under-protect.
Get your copy today >>
To Download a copy of ISO27004 – Information Security Metrics
