The Cabinet Office and Capita’s joint venture Axelos has moved into the cyber security space to offer training to boards and CEOs.
The company’s head of cyber resilience best practice, Nick Wilding, told Computing that the firm was launching a new cyber resilience portfolio later this year in the UK and the US.
This would add to the best management practice portfolio that includes ITIL and the project management methodology Prince2 that the firm already runs.
The new service, which is aimed at raising awareness of cyber security, rather than up-skilling talent with technical expertise, will come at a charge that Wilding did not disclose. However, he did state that it is open for any type of organisation.
“Ultimately we will train any company, across the board – and yes they will have to pay for it. Any company, of any size, whether they are a government or federal organisation or a private firm. That said, it is a priority for us to deal with sectors that have the most to do [to catch-up], particularly the sectors which have a lot of sensitive information,” he said.
Axelos has about “300 to 400 training providers” as part of its existing network around the world, who will be assisting the firm with training.
Wilding, whose previous role was at BAE Systems Applied Intelligence, formerly Detica, explained that the training would involve “in-room simulation”.
“It means getting board members or heads of businesses into a room and taking them through a scenario,” he said.
But unlike the Digital Criminality programme he launched at BAE Systems, whereby participants were given a crisis to solve on paper, this takes a more “positive” outlook.
“It gives scenarios such as signing a deal with a firm in the Far East – the scenario takes them through the [security] impacts, such as how the wider supply chain will be affected,” he said.
An element of “gamification” will also be applied in what Wilding describes as “serious games”.
“We’re looking at introducing serious games for one player, and perhaps a multiplayer mode, in which we build up a range of different scenarios that employees will have to work their way through to make it more exciting.
“With traditional cyber security training, people are shown a scenario and asked basic questions, and the end result is a certificate. The difference with this is participants will be asked to make decisions and they can then see what the repercussions of their actions would be,” he said.