KPMG warns cyber-security certs are just "one piece of the puzzle" as Axelos launches new portfolio


ITIL provider Axelos has launched a new best practice portfolio as part of a cyber-security accreditation venture; but security experts warn that certs are “just one piece of the puzzle”.

The Resilia portfolio announced yesterday by Axelos - a joint venture between the Cabinet Office and Capita - includes best practice guidance, executive training and company awareness training for cyber security.

"Portfolios such as RESILLIA have their place in the cyber security landscape, as many certifications do. The elephant in the room is that unless they form part of a wider company awareness and training programme they are more akin to wall papering over a large crack”, Matt White, senior manager in KPMG’s cyber security practice told ComputerworldUK.

“Upon initial inspection it looks like there is no crack, but if you probe the wall you find there is very little resistance and your hand breaks through."

White says that certifications and solutions form “a vital piece of the puzzle” but basic awareness from top level senior executives, throughout the entire firm is a “crucial first step of a pragmatic approach.”

Firms that have deployed a ‘point solution’ to protect themselves have been “misguided”, White said.

“Many people install an alarm at their home because they know that a locked door alone is not sufficient and the same theory applies here: a product alone does not make a business secure.”

Another security expert, Serena Gonsalves-Fersch, who leads the UK Cyber Academy at KPMG, warned: “We cannot just assume that the solution is as simple as paying for training courses and collecting alphabets – needs and requirements have to be assessed first and the correct training courses applied.

“Before spending limited resources buying expensive training and certifications, organisations need to invest in a skills assessment and training needs analysis to ascertain what their needs are and what capabilities they need to keep their organisation and people safe.

“Training and certifications might then be the answer but they need to spend more time asking the questions. Before a company can fill a skills gap it needs to know exactly where the gaps are. Companies should focus less on certifications and more on creating the right mix of training, certifications and experience.”

The new Axelos portfolio includes a guide that illustrates what good cyber resilience looks like and provides practical guidance for its strategy, implementation and management. It will form the basis of foundation and practitioner training and certification, aimed at IT, security and business professionals. It is provided by Axelos’ network of accredited training organisations (ATOs) across the globe.

Axelos CEO Peter Hepworth said: “Cyber crime is increasingly recognised as one of the most serious risks to a strong global economy, market reputations and to national security. RESILIA provides pragmatic advice; equipping people with the knowledge and confidence to act on cyber security risks and helping organisations maintain reputation, customer confidence and operational stability in the face of increasing cyber threat.”

Axelos will soon be publishing best practice guidance on combining Agile delivery methods like Scrum, extreme programming and Kanban with PRINCE2 project management as part of an Agile qualification programme.


Copyright © 2015 IDG Communications, Inc.

8 highly useful Slack bots for teams
Shop Tech Products at Amazon