Course Title: Disaster Recovery, 1st Edition

Transcription

1 Course Title: Disaster Recovery, 1st Edition Page 1 of 8

2 Course Description: The DISASTER RECOVERY/VIRTUALIZATION SECURITY SERIES is comprised of two books that are designed to fortify disaster recovery preparation and virtualization technology knowledge of information security students, system administrators, systems engineers, enterprise system architects, and any IT professional who is concerned about the integrity of their network infrastructure. Topics include disaster recovery planning, risk control policies and countermeasures, disaster recovery tools and services, and virtualization principles. The series when used in its entirety helps prepare readers to take and succeed on the E CDR and E CVT, Disaster Recovery and Virtualization Technology certification exam from EC- Council. The EC-Council Certified Disaster Recovery and Virtualization Technology professional will have a better understanding of how to set up disaster recovery plans using traditional and virtual technologies to ensure business continuity in the event of a disaster. Certificate Info Disaster Recovery Who Should Attend? This course will significantly benefit Network administrators, Firewall Administrators, Security Testers, System Administrators and Risk Assessment professionals. Course Duration: 2 days (9:00 5:00) CPE/ECE Qualification 16 ECE Credits awarded for attendance (1 for each classroom hour) Suggested Retail: $799 USD Page 2 of 8

3 Required Courseware: Visit and click on Training Workshops for ordering details. What s included? Physical Courseware 1 year Access To EC-Council Student LMS for Practical Labs (if applicable), testing, and Certificate Course + Supplement Cost: See the Training Workshops section at for current pricing information. Related Certificates: VIRTUALIZATION SECURITY Page 3 of 8

4 Course Briefing: 1. Introduction to Disaster Recovery and Business Continuity According to Disaster Recovery is the ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization s critical functions. This module gives a brief introduction to the concepts, such as, disaster recovery, levels of data recovery, disaster recovery process, and business continuity. It also focuses on the concept of Business Continuity planning that helps to provide security and resilience to the organization. It mainly focuses on the topics, such as, how to be prepared before a disaster occurs and how to avoid disasters. 2. Laws and Acts This module familiarizes with some of the laws and acts pertaining to disaster recovery such as, Applicable Acts in Disaster Recovery, Acts of U.S: Sarbanes-Oxley Act, Gramm-Leach-Bliley Act, HIPAA, Flood Disaster Protection Act of 1973, Robert T. Stafford Disaster Relief and Emergency Assistance Act and CAN SPAM Act 2003, etc. 3. Disaster Recovery Planning and Implementation A disaster recovery plan (DRP) describes how an organization should deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, a disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention. These modules describe the various steps for planning a disaster recovery process, mainly concentrating on the topics, such as, identifying and estimating the risks, defining a recovery strategy, and performing risk assessments and audits. Disaster recovery planning in a virtualized environment topic is also discussed in this module. It also familiarizes with ten tips for successful IT disaster recovery planning. 4. Business Continuity Management A business continuity plan should provide an enterprise-wide risk-based approach, covering people, processes, technology, and extended enterprise to ensure the continuing availability of the business support systems and minimize the disruption risks. This module mainly focuses on the elements of business continuity management and how to develop business continuity strategies. It also highlights the topics, such as, crisis communication plan, emergency response plan, and business continuity plan development, implementing and maintaining the plan. 5. Managing, Assessing, and Evaluating Risks This module familiarizes with the importance of risk management, risk assessment, and risk mitigation. It also displays the keys for successful risk management program mainly focusing on the roles and responsibilities of the risk management team. It also familiarizes with all the risk variables, relative threats, vulnerabilities, attacks, and consequences related to the system. This module describes about the threats that may result in disclosure of the asset, modification of the asset, Page 4 of 8

5 destruction or loss of the asset, the hardware it resides upon or the software that interacts with it, and interruption of the access to the asset. This module also covers the topics, such as, risk assessment methodology, threat analysis, vulnerability analysis, and vulnerability assessment methodologies Risk management methodology process contains threat and vulnerability analysis. This process is used to find the vulnerabilities and threats to improve the system s performance. This module familiarizes with the topics, such as, system disposition/reutilization, system administration, and audit mechanism processes, system acquisition, process of selecting and purchasing new IT, security product integration, maintenance of user accounts. It also highlights the processes for timely deletion of accounts, automated tool for security test, and security test and evaluation plan and procedure. 6. Risk Control Policies and Countermeasures System security policy provides the guideline for each user to be provided a separate account to use a computer system, containing the password with minimum of six characters. This module helps the students in understanding the security policies and procedures implemented during risk analysis/assessment process. It mainly focuses on the topics, such as, general control policies, information security policy, and system acquisitions policies and procedures. 7. Data Storage Technologies This module talks about various data storage technologies. It discusses the topics, such as, DAS, NAS or SAN, NAS disk-as-disk targets, backup of NAS servers and scalable NAS. It mainly focuses on implementation services for network attached storage systems, highlighting the benefits of network attached storage in small and mid-sized business networks It also familiarizes with the topics, such as what is SAN, threats to a SAN, the benefits of SANs, and the technical topology of a SAN. It mainly focuses on the SAN security concerns. It also highlights the topics securing storage area networks with iscsi and storage area networks over fibre channels. 8. Disaster Recovery Services and Tools Disaster recovery services and software are fetching more significant aspect of enterprise computing. As devices, systems, and networks become ever more complex, there are more things that can go wrong. As a consequence, recovery plans have also become more complex. This module familiarizes with the topics, such as, disaster recovery services and their needs, types of disaster recovery services, data loss prevention, etc. It explains the terminology of implementing offsite backup with the understanding of identifying backup requirements and its importance. It focuses on the topics such as, advantages of offsite data backup, tips for keeping data safe, and developing an effective data backup strategy. It highlights the list of disaster recovery service providers, will familiarize with various backup and recovery solutions, such as, Symantec Backup Exec System Recovery, Symantec Backup Exec, AmeriVault-EV, MozyPro, PC BackUp Pro, SyncBack Pro, etc. 9. Certification and Accreditation of Information Systems System certifiers and accreditors assess the security assessment results credibility and ensure that the objectives are achieved in order to make an informed, risk-based, and accreditation decision. This module discusses about the certification process that supports the risk management process in the information system security program. This module covers the topics, such as, system certifiers and accreditors, certification and accreditation guidelines, certification and accreditation documentation, vulnerabilities and attacks, physical security requirements, and information technology security evaluation criteria. Page 5 of 8

6 Course Outline: Chapter 1: Introduction to Disaster Recovery and Business Continuity Introduction to Disaster Recovery and Business Continuity Disaster Disaster Recovery Best Practices for Disaster Recovery Business Continuity Disaster Recovery Versus Business Continuity Business Continuity and Disaster Recovery Planning Security Management Plan Chapter 2: Laws and Acts Introduction to Laws and Acts Types of Relevant Acts United States of America Laws and Acts Canadian Laws and Acts European Laws and Acts Australian Laws and Acts Chapter 3: Disaster Recovery Planning and Implementation Introduction to Disaster Recovery Planning and Implementation Aspects of Security Application Security Database Security Distributed System Security Firmware Security Industrial Security Vulnerabilities in Network Security Software and Services Remanence Disaster Recovery Plan (DRP) Business Impact Analysis (BIA) Disaster Recovery Roles and Responsibilities Disaster Recovery Planning Steps Disaster Preparedness Profiles Notification and Activation Procedures Disaster Recovery Planning in a Virtualized Environment Page 6 of 8

7 Chapter 4: Business Continuity Management Introduction to Business Continuity Management Elements of Business Continuity Management Business Continuity Plan Developing Business Continuity Strategies Crisis Communication Plan Emergency Response Plan Emergency Management Team (EMT) Contingency Planning Virtualization Disaster Recovery Chapter 5: Managing, Assessing, and Evaluating Risks Introduction to Managing, Assessing, and Evaluating Risks Importance of Risk Management Integration of Risk Management into the System Development Life Cycle (SDLC) Risk Management Methodology Threats Risk Assessment Methodology Attack Methods Countermeasures Weighing the Costs and Benefits of Risk Management Risk Assessment Responsibilities Responsibilities of Security Personnel Automated Testing Verification of Tools and Techniques Acquisitions Tools Chapter 6: Risk Control Policies and Countermeasures Introduction to Risk Control Policies and Countermeasures Countermeasures Risk Control Policy Development Factors Policy Development Page 7 of 8

8 Chapter 7: Data Storage Technologies Introduction to Data Storage Technologies Network Attached Storage (NAS) Direct Attached Storage (DAS) Storage Area Network (SAN) Chapter 8: Disaster Recovery Services and Tools Introduction to Disaster Recovery Services and Tools Why Back Up Data? Preventing Data Loss Developing an Effective Data Backup Strategy Backup Techniques Backup Schedules Removable Backup Media Potential Risks Challenges in Backup and Recovery Backup and Recovery Checklist Testing Data Recovery Data Backup and Recovery Tools Off-Site Data Backup Enterprise Backup Tools Chapter 9: Certification and Accreditation of Information Systems Introduction to Certification and Accreditation of Information Systems Certification and Accreditation Approval to Operate (ATO) Security Page 8 of 8