AXELOS progresses ITIL-like best practice for cyber resilience
24 Jun 2014
Source: David Bicknell, Published 24 June 2014
First best practice offerings likely to emerge later this year
AXELOS, the joint venture organisation that owns ITIL and PRINCE2, has detailed some of its plans to create what could eventually define an ITIL-like best practice equivalent for cyber resilience.
In an interview, Nick Wilding, AXELOS' head of cyber resilience best practice at the joint venture set up to grow the government's portfolio of best management practice, accreditation and publishing services, indicated AXELOS' plans to market its resilience portfolio, including the development of a cyber resilience maturity assessment tool, mapping across a number of standards.
"At the end of the day we are all about global best practice," he said. "We are looking to launch at the end of this year, with the primary launch market likely to be US and UK. We believe in using ITIL - which is 25 years old this year - as the underpinning framework and language for a cyber resilience portfolio. It is fair to say we're creating a cyber resilience equivalent to ITIL. We're also using the latest serious gaming techniques to embed within the training programme, developing in house simulations."
Wilding believed the work that AXELOS is doing herald the start of 25 years and longer growth of cyber resilience best practice and skills.
"We do see a real gap in the market," he added. "One is there is no shortage of standards. All of my conversations out in the marketplace with some big organisations who are ITIL users, describe their confusion at the number of standards which define what you need to do. But there's very little out there that defines the how to do it. And that's where we see our best practice guidance, very similar to ITIL and PRINCE2. It's much more about pragmatic actionable guidance."
According to Wilding, many of the standards and the solutions that people tend to start from a technology perceptive. He suggested that "very good" schemes like Cyber Essentials need to be surrounded by "the awareness, the people and the process that brings everything together into one overall solution."
He added, "One thing I've been very keen about is that out solution should be available to all within an organisation, starting at the very top, including solutions targeting board directors right through to heads of business across the organisation, including the head of risk right down to the people who own IT security and information security within the organisation. Different levels of awareness and practitioner and professional training."