1 Introduction

1.1 Intended audience

1.2 Making cyber resilience real through the use of examples

1.3 Aligning cyber resilience with business outcomes

1.4 What is cyber resilience?

1.5 Some important characteristics of cyber resilience

1.6 Wider benefits of cyber resilience –building trust

1.7 How to achieve a sufficient level of cyber resilience

1.8 Scope of this publication

1.9 Introduction questions

2 Risk management

2.1 Management of Risk

2.2 Assets, threats, vulnerabilities and risks

2.3 Actions to address risks and opportunities

2.4 Risk management questions

3 Managing cyber resilience

3.1 The need for a single management system

3.2 The ITIL service lifecycle

3.3 Managing cyber resilience questions

4 Cyber resilience strategy

4.1 Control objectives and controls for a cyber resilience strategy

4.2 Aligning cyber resilience strategy with IT service strategy

4.3 Strategy scenarios

4.4 Cyber resilience strategy questions

5 Cyber resilience design

5.1 Control objectives and controls for cyber resilience design

5.2 Aligning cyber resilience design with IT service design

5.3 Design scenarios

5.4 Cyber resilience design questions

6 Cyber resilience transition

6.1 Control objectives and controls for cyber resilience transition

6.2 Aligning cyber resilience transition with IT service transition

6.3 Transition scenarios

6.4 Cyber resilience transition questions

7 Cyber resilience operation

7.1 Control objectives and controls for cyber resilience operation

7.2 Aligning cyber resilience operation with IT service operation

7.3 Operation scenarios

7.4 Cyber resilience operation questions

8 Cyber resilience continual improvement

8.1 Control objectives and controls for cyber resilience continual improvement

8.2 Aligning cyber resilience continual improvement with IT continual service improvement

8.3 Using the ITIL CSI approach to plan cyber resilience improvements

8.4 Using MSP to plan and manage cyber resilience improvements

8.5 Maturity models

8.6 Continual improvement scenarios

8.7 Cyber resilience continual improvement Questions

9 Cyber resilience roles and responsibilities

9.1 Roles and responsibilities across the organization

9.2 Segregation of duties and dual controls

9.3 Cyber resilience roles and responsibilities questions