Syllabus

COURSE TITLE: Disaster Recovery and Business Continuity
COURSE NUMBER: IA-643
CREDIT HOURS: 3
PREREQUISITE:
  IA 642 Enterprise Security
  IA 622 Risk Vulnerability Physical Assessment

Course Description:
Disaster Recovery and Business Continuity is a strategic imperative and a competitive advantage in an environment where you must plan for the unexpected, maintain operations, and meet regulatory demands. The course also covers recovery time and recovery point objectives (RTO and RPO). Built upon the concepts of risk analysis and business impact planning, this course is designed to provide a foundation and guide to coordinated organizational emergency response and event management during and after a disruptive occurrence.

Course Objectives:
Upon successful completion of this course, students should be able to:
  1. Identify the core pieces and functions of an integrated, effective, corporate business continuity program.
  2. Describe key Business Continuity terms and concepts, such as: determining critical business functions, the "MARC" (minimum acceptable recovery configuration), Recovery Time Objectives, Recovery Point Objectives, Recovery Time Capabilities, information technology disaster recovery technical solution designs standards and practices.
  3. Understand how to effectively determine business unit business resumption requirements for loss of workspace, loss of information technology, and loss of personnel.
  4. Understand how to approach crafting effective information technology recovery time capabilities for key systems that will meet business units' stated needs, and how to address "the gap" which may be discovered between business units' information technology recovery requirements and available money or capabilities.
  5. Understand the core quality control concepts surrounding the development and use of scorecards in evaluating business resumption and disaster recovery plans, and standardized objective metrics in information technology testing.

Unit 1: Course Intro and Asset Identification
Chapter 1 IR/DR
  1.1 Course Intro and Review
  1.2 Critical Asset Identification
    1.21 Tangible/Physical Assets
    1.22 Intangible/Logical Assets
  1.3 Asset Valuation
  1.4 Baseline Creation
  1.5 Understanding Asset Ranking in Incident Response vs. Disaster Recovery

Unit 2: Introduction to Risk Management
Chapter 1 IR/DR
Chapter 62 CSH
  2.1 Overview of the Risk Management Process
  2.2 Risk
  2.3 Risk Assessment Process
  2.4 Risk Management
  2.5 Residual Risk
  2.6 Risk Control and Acceptance

Unit 3: Threat
Chapter 1, 2 IR/DR
Chapter 12, 13, 14, 22 CSH
  3.1 Threats
  3.2 Environmental/Natural Threat
  3.3 Human Threats
    3.31 Error
    3.32 The Insider
    3.33 Sabotage
    3.34 Social Engineering
  3.4 Hardware/Software Failure
  3.5 Attacks
    3.51 Software Attacks
    3.52 Viruses
    3.53 Worms
    3.54 Backdoors and Trapdoors
    3.55 Denial of Service
  3.6 Theft
  3.7 Threat Analysis
  3.8 Threat Assessment

Unit 4: Vulnerabilities
Chapter
  4.1 Vulnerabilities
  4.2 Vulnerability Analysis
  4.3 Vulnerability Management
  4.4 Network Vulnerabilities
  4.5 Technical Vulnerabilities

Unit 5: Planning for Organizational Readiness
Chapter 2 IR/DR
  5.1 Contingency Planning Process
    5.11 Beginning the CP Process
    5.12 Elements to Begin Contingency Planning
  5.2 Contingency Planning Policy
  5.3 Business Impact Analysis
  5.4 Business Impact Analysis Data Collection

  5.5 Budget Planning for BIA
    5.51 Incident Response Budgeting
    5.52 Disaster Recovery Budgeting
    5.53 Business Continuity Budgeting
    5.54 Crisis Management Budgeting

Unit 6: Incident Response
Chapter 3, 4, 5 IR/DR
  6.1 Preparing for Incident Response
  6.2 Incident Response Policy
  6.3 Building the Security Incident Response Team
  6.4 Incident Response Planning
    6.41 During the Incident
    6.42 After the Incident
    6.43 Before the Incident
  6.5 Assembling and Maintaining the Final Incident Response Plan
  6.6 Detecting Incidents
  6.7 Intrusion Detection Systems
  6.8 Incident Decision Making
  6.9 Reaction
  6.10 Recovery from Incidents
  6.11 Maintenance
  6.12 Intrusion Forensics
    6.121 Chain of Custody
  6.13 Managing Evidentiary Data in an Electronic Environment

Unit 7: Contingency Strategies for Business Resumption Planning
Chapter 6 IR/DR
  7.1 Data and Application Resumption
  7.2 Site Resumption Strategies
    7.21 Exclusive Site Resumption Strategies
    7.22 Shared Site Resumption Strategies
    7.23 Service Agreements

Unit 8: Disaster Recovery
Chapter 7, 8 IR/DR
  8.1 Disaster Classifications
  8.2 Forming the Disaster Recovery Team
  8.3 Disaster Planning Functions
  8.4 Technical Contingency Planning Considerations
  8.5 Resumption Phase
  8.6 Restoration Phase
  8.7 Facing Key Challenges
  8.8 Preparation: Training the DR Team and the Users
  8.9 Disaster Response Phase
  8.10 Recovery Phase

  8.11 Resumption Phase
  8.12 Restoration Phase
  8.13 Simulation Exercise-Sample Disaster Recovery Plans

Unit 9: Business Continuity
Chapter 9, 10 IR/DR
  9.1 Elements of Business Continuity
  9.2 The Business Continuity Team
  9.3 Business Continuity Policy and Plan Functions
  9.4 Creating an Effective BC Plan/Policy
  9.5 Implementing the BC Plan
  9.6 Continuous Improvement of the BC Process
  9.7 Maintaining the BC Plan
  9.8 Simulation Exercise-Sample Business Continuity Plans

Unit 10: Crisis Management
Chapter 11 IR/DR
  10.1 Crisis Management in the Organization
  10.2 Preparing for Crisis Management
  10.3 Post-Crisis Trauma
  10.4 Getting People Back to Work
  10.5 Law Enforcement Involvement
  10.6 Managing Crisis Communications
  10.7 Succession Planning

Unit 11: Site Planning Simulation Exercise
Students, in a team, will develop a full Site Plan for a fictitious organization. Details will be provided by the Instructor.

Site Planning Simulation Exercise:
The final project will be developed in teams, with each Team Leader giving an oral presentation to the class. Each team will be assigned a unique Organization/Location for which a Business Impact Analysis, Incident Response, Business Continuity and Disaster Recovery Plan will need to be developed. Each student will write a portion of the team report and will be responsible for his or her contribution to the overall project. Each team will provide a final written report identifying each team member's individual contribution, as well as their findings. The focus of the final project is to develop a complete Business Continuity/Disaster Recovery Plan, as well as an Incident Response Plan and Business Impact Analysis, utilizing the materials presented in class.

Things to consider:
  Size
  Line of business
  Number and types of locations
  Risks to the organization

Final Project Documentation:
A complete project with two hard paper copies must be submitted as a total business document, including a copy of the PowerPoint presentation. All projects must be secured in a lightweight binder.

Due: Accepted only during the class session during which you present your project.

Print all components of the finished project, tables, queries, forms and reports. These should be assembled in logical order. Grading will also be based on correctness and accuracy of work, content, professionalism and other factors emphasized in the course. The project must be complete when turned in.

**The instructor reserves the right to make any additions/deletions or changes to this syllabus as deemed necessary.