1 Syllabus COURSE TITLE: Disaster Recovery and Business Continuity COURSE NUMBER: IA-643 CREDIT HOURS: 3 PREREQUISITE: IA 642 Enterprise Security IA 622 Risk Vulnerability Physical Assessment Course Description: Disaster Recovery and Business Continuity, a strategic imperative and a competitive advantage in an environment where you must plan for the unexpected, maintain operations, and meet regulatory demands. Course also covers recovery time and recovery point objectives (RTO and RPO. Built upon the concepts of risk analysis and business impact planning, this course is designed to provide a foundation and guide to coordinated organizational emergency response and event management during and after a disruptive occurrence. Course Objectives: Upon successful completion of this course, students should be able to: 1. Identify the core pieces and functions of an integrated, effective, corporate business continuity program 2. Describe key Business Continuity terms and concepts, such as: determining critical business functions, the "MARC" (minimum acceptable recovery configuration), Recovery Time Objectives, Recovery Point Objectives, Recovery Time Capabilities, information technology disaster recovery technical solution designs standards and practices 3. Understand how to effectively determine business unit business resumption requirements for loss of workspace, loss of information technology, and loss of personnel. 4. Understand how to approach crafting effective information technology recovery time capabilities for key systems that will meet business units' stated needs, and how to address "the gap" which may be discovered between business units' information technology recovery requirements and available money or capabilities 5. Understand the core quality control concepts surrounding the development and use of scorecards in evaluating business resumption and disaster recovery plans, and standardized objective metrics in information technology testing Unit 1: Course Intro and Asset Identification Chapter 1 IR/DR 1.1 Course Intro and Review 1.2 Critical Asset Identification 1.21 Tangible/Physical Assets 1.22 Intangible/Logical Assets 1.3 Asset Valuation 1.4 Baseline Creation 1.5 Understanding Asset Ranking in Incident Response vs. Disaster Recovery
2 Unit 2: Introduction to Risk Management Chapter1 IR/DR Chapter 62 CSH 2.1 Overview of the Risk Management Process 2.2 Risk 2.3 Risk Assessment Process 2.4 Risk Management 2.5 Residual Risk 2.6 Risk Control and Acceptance Unit 3: Threat Chapter 1, 2 IR/DR Chapter 12, 13, 14, 22 CSH 3.1 Threats 3.2 Environmental/Natural Threat 3.3 Human Threats 3.31 Error 3.32 The Insider 3.33 Sabotage 3.34 Social Engineering 3.4 Hardware/Software Failure 3.5 Attacks 3.51 Software Attacks 3.52 Viruses 3.53 Worms 3.54 Backdoors and Trapdoors 3.55 Denial of Service 3.6 Theft 3.7 Threat Analysis 3.8 Threat Assessment Unit 4: Vulnerabilities Chapter 4.1 Vulnerabilities 4.2 Vulnerability Analysis 4.3 Vulnerability Management 4.4 Network Vulnerabilities 4.5 Technical Vulnerabilities Unit 5: Planning for Organizational Readiness Chapter 2 IR/DR 5.1 Contingency Planning Process 5.11 Beginning the CP Process 5.12 Elements to Begin Contingency Planning 5.2 Contingency Planning Policy 5.3 Business Impact Analysis 5.4 Business Impact Analysis Data Collection
3 5.5 Budget Planning for BIA 5.51 Incident Response Budgeting 5.52 Disaster Recovery Budgeting 5.53 Business Continuity Budgeting 5.54 Crisis Management Budgeting Unit 6: Incident Response Chapter 3, 4, 5 IR/DR 6.1 Preparing for Incident Response 6.2 Incident Response Policy 6.3 Building the Security Incident Response Team 6.4 Incident Response Planning 6.41 During the Incident 6.42 After the Incident 6.43 Before the Incident 6.5 Assembling and Maintaining the Final Incident Response Plan 6.6 Detecting Incidents 6.7 Intrusion Detection Systems 6.8 Incident Decision Making 6.9 Reaction 6.10 Recovery from Incidents 6.11 Maintenance 6.12 Intrusion Forensics Chain of Custody 6.13 Managing Evidentiary Data in an Electronic Environment Unit 7: Contingency Strategies for Business Resumption Planning Chapter 6 IR/DR 7.1 Data and Application Resumption 7.2 Site Resumption Strategies 7.21 Exclusive Site Resumption Strategies 7.22 Shared Site Resumption Strategies 7.23 Service Agreements Unit 8: Disaster Recovery Chapter 7, 8 IR/DR 8.1 Disaster Classifications 8.2 Forming the Disaster Recovery Team 8.3 Disaster Planning Functions 8.4 Technical Contingency Planning Considerations 8.5 Resumption Phase 8.6 Restoration Phase 8.7 Facing Key Challenges 8.8 Preparation: Training the DR Team and the Users 8.9 Disaster Response Phase 8.10 Recovery Phase
4 8.11 Resumption Phase 8.12 Restoration Phase 8.13 Simulation Exercise-Sample Disaster Recovery Plans Unit 9: Business Continuity Chapter 9, 10 IR/DR 9.1 Elements of Business Continuity 9.2 The Business Continuity Team 9.3 Business Continuity Policy and Plan Functions 9.4 Creating an Effective BC Plan/Policy 9.5 Implementing the BC Plan 9.6 Continuous Improvement of the BC Process 9.7 Maintaining the BC Plan 9.8 Simulation Exercise-Sample Business Continuity Plans Unit 10: Crisis Management Chapter 11 IR/DR 10.1 Crisis Management in the Organization 10.2 Preparing for Crisis Management 10.3 Post-Crisis Trauma 10.4 Getting People Back to Work 10.5 Law Enforcement Involvement 10.6 Managing Crisis Communications 10.7 Succession Planning Unit 11: Site Planning Simulation Exercise Students, in a team, will develop a full Site Plan for a fictitious organization. Details will be provided by the Instructor. Site Planning Simulation Exercise: The final project will be developed in teams, with each Team Leader giving an oral presentation to the class. Each team will be assigned a unique Organization/Location for which a Business Impact Analysis, Incident Response, Business Continuity and Disaster Recovery Plan will need to be developed. Each student will write a portion of the team report and will be responsible for his or her contribution to the overall project. Each team will provide a final written report identifying each team member s individual contribution, as well as their findings. The focus of the final project is to develop a complete Business Continuity/Disaster Recovery Plan, as well as an Incident Response Plan and Business Impact Analysis, utilizing the materials presented in class. Things to consider: Size Line of business Number and types of locations Risks to the organization
5 Final Project Documentation: A complete project with two hard paper copies must be submitted as a total business document, including a copy of the PowerPoint presentation. All projects must be secured in a lightweight binder. Due: Accepted only during the class session during which you present your project. Print all components of the finished project, tables, queries, forms and reports. These should be assembled in logical order. Grading will also be based on correctness and accuracy of work, content, professionalism and other factors emphasized in the course. The project must be complete when turned in. **The instructor reserves the right to make any additions/deletions or changes to this syllabus as deemed necessary.