Assignment 1: Continuity Planning Overview Due Week 2 and worth 75 points Suppose you were recently hired for a new initiative as a business continuity lead / manager at a medium-sized healthcare company. You have been asked to prepare a presentation to the Board of Directors on

By /

Assignment 1: Continuity Planning Overview

Due Week 2 and worth 75 points

 

Suppose you were recently hired for a new initiative as a business continuity lead / manager at a medium-sized healthcare company. You have been asked to prepare a presentation to the Board of Directors on your main duties for the company and how your position could help protect the business in case of a large-scale incident or disaster. You have been alerted that since this is a new initiative and could come with a potentially large price tag, there is skepticism from some of the Board members.

 

Write a three to four (3-4) page paper in which you:

  1. Explain the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager.
  2. Provide insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical.
  3. Discuss the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and describe the potential pitfalls of each.
  4. Speculate on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and explain how to overcome that challenge(s).
  5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Compare and contrast the methods of disaster recovery and business continuity.
  • Explain risk management in the context of information security.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 75 Assignment 1: Continuity Planning Overview
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Explain the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager.

Weight: 20%

 Did not submit or incompletely explained the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager. Insufficiently explained the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager. Partially explained the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager. Satisfactorily explained the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager. Thoroughly explained the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager.
2. Provide insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical.
Weight: 20%		 Did not submit or incompletely provided insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical. Insufficiently provided insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical. Partially provided insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical. Satisfactorily provided insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical. Thoroughly provided insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical.
3. Discuss the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and describe the potential pitfalls of each.

Weight: 25%

 Did not submit or incompletely discussed the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and did not submit or incompletely described the potential pitfalls of each. Insufficiently discussed the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and insufficiently described the potential pitfalls of each. Partially discussed the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and partially described the potential pitfalls of each. Satisfactorily discussed the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and satisfactorily described the potential pitfalls of each. Thoroughly discussed the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and thoroughly described the potential pitfalls of each.
4. Speculate on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and explain how to overcome that challenge(s).

Weight: 20%

 Did not submit or incompletely speculated on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and did not submit or incompletely explained how to overcome that challenge(s). Insufficiently speculated on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and insufficiently explained how to overcome that challenge(s). Partially speculated on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and partially explained how to overcome that challenge(s). Satisfactorily speculated on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and satisfactorily explained how to overcome that challenge(s). Thoroughly speculated on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and thoroughly explained how to overcome that challenge(s).
5. 3 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

Case Study 1: Stuxnet and U.S. Incident Response

Due Week 3 and worth 100 points

 

Read the article titled “When Stuxnet Hit the Homeland: Government Response to the Rescue,” from ABC News, located at http://abcnews.go.com/blogs/headlines/2012/06/when-stuxnet-hit-the-homeland-government-response-to-the-rescue/ and consider this threat in terms of incident response and recovery procedures.

 

Write a three to four (3-4) page paper in which you:

  1. Explain the role of US-CERT in protecting the nation’s industrial systems and analyze its efforts in relation to preparedness and incident and recovery management.
  2. Discuss the efforts of ICS-CERT specifically to the Stuxnet threat and examine its incident response efforts to mitigate this risk against U.S. industrial systems.
  3. With the sophistication of the primary sites of industrial system implementations, determine whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Provide a rationale.
  4. Explain the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet.
  5. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Summarize the various types of disasters, response and recovery methods.
  • Describe detection and decision-making capabilities in incident response.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 100 Case Study 1: Stuxnet and U.S. Incident Response
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Explain the role of US-CERT in protecting the nation’s industrial systems and analyze its efforts in relation to preparedness and incident and recovery management.

Weight: 20%

 Did not submit or incompletely explained the role of US-CERT in protecting the nation’s industrial systems and did not submit or incompletely analyzed its efforts in relation to preparedness and incident and recovery management. Insufficiently explained the role of US-CERT in protecting the nation’s industrial systems and insufficiently analyzed its efforts in relation to preparedness and incident and recovery management. Partially explained the role of US-CERT in protecting the nation’s industrial systems and partially analyzed its efforts in relation to preparedness and incident and recovery management. Satisfactorily explained the role of US-CERT in protecting the nation’s industrial systems and satisfactorily analyzed its efforts in relation to preparedness and incident and recovery management. Thoroughly explained the role of US-CERT in protecting the nation’s industrial systems and thoroughly analyzed its efforts in relation to preparedness and incident and recovery management.
2. Discuss the efforts of ICS-CERT specifically to the Stuxnet threat and examine its incident response efforts to mitigate this risk against U.S. industrial systems.
Weight: 25%		 Did not submit or incompletely discussed the efforts of ICS-CERT specifically to the Stuxnet threat and did not submit or incompletely examined its incident response efforts to mitigate this risk against U.S. industrial systems. Insufficiently discussed the efforts of ICS-CERT specifically to the Stuxnet threat and insufficiently examined its incident response efforts to mitigate this risk against U.S. industrial systems. Partially discussed the efforts of ICS-CERT specifically to the Stuxnet threat and partially examined its incident response efforts to mitigate this risk against U.S. industrial systems. Satisfactorily discussed the efforts of ICS-CERT specifically to the Stuxnet threat and satisfactorily examined its incident response efforts to mitigate this risk against U.S. industrial systems. Thoroughly discussed the efforts of ICS-CERT specifically to the Stuxnet threat and thoroughly examined its incident response efforts to mitigate this risk against U.S. industrial systems.
3. Determine whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Provide a rationale.

Weight: 20%

 Did not submit or incompletely determined whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Did not submit or incompletely provided a rationale. Insufficiently determined whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Insufficiently provided a rationale. Partially determined whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Partially provided a rationale. Satisfactorily determined whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Satisfactorily provided a rationale. Thoroughly determined whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Thoroughly provided a rationale.
4. Explain the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet.

Weight: 20%

 Did not submit or incompletely explained the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet. Insufficiently explained the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet. Partially explained the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet. Satisfactorily explained the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet. Thoroughly explained the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet.
5. 4 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

 

Assignment 2: Incident Response (IR) Revamp

Due Week 4 and worth 75 points

 

Imagine you have just taken over the manager position for your organization’s incident response team, after coming from another division in the company. Your first realization is that proper procedures, best practices, and sound technologies are not being utilized. You decide to revamp the team’s efforts.

 

Write a two to three (2-3) page paper in which you:

  1. Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.
  2. Discuss in detail the role that an IDS / IPS would play in the IR efforts, and explain how these systems can assist in the event notification, determination, and escalation processes.
  3. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.
  4. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts, and describe the potential issues that could arise if not utilized.
  5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Summarize the various types of disasters, response and recovery methods.
  • Describe detection and decision-making capabilities in incident response.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 75 Assignment 2: Incident Response (IR) Revamp
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.

Weight: 25%

 Did not submit or incompletely explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures. Insufficiently explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures. Partially explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures. Satisfactorily explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures. Thoroughly explicated the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures.
2. Discuss in detail the role that an IDS / IPS would play in the IR efforts and explain how these systems can assist in the event notification, determination, and escalation processes.
Weight: 20%		 Did not submit or incompletely discussed in detail the role that an IDS / IPS would play in the IR efforts and did not submit or incompletely explained how these systems can assist in the event notification, determination, and escalation processes. Insufficiently discussed in detail the role that an IDS / IPS would play in the IR efforts and insufficiently explained how these systems can assist in the event notification, determination, and escalation processes. Partially discussed in detail the role that an IDS / IPS would play in the IR efforts and partially explained how these systems can assist in the event notification, determination, and escalation processes. Satisfactorily discussed in detail the role that an IDS / IPS would play in the IR efforts and satisfactorily explained how these systems can assist in the event notification, determination, and escalation processes. Thoroughly discussed in detail the role that an IDS / IPS would play in the IR efforts and thoroughly explained how these systems can assist in the event notification, determination, and escalation processes.
3. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.

Weight: 25%

 Did not submit or incompletely explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken. Insufficiently explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken. Partially explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken. Satisfactorily explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident handling procedures are taken. Thoroughly explained how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken.
4. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and describe the potential issues that could arise if not utilized.

Weight: 15%

 Did not submit or incompletely explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and did not submit or incompletely described the potential issues that could arise if not utilized. Insufficiently explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and insufficiently described the potential issues that could arise if not utilized. Partially explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and partially described the potential issues that could arise if not utilized. Satisfactorily explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and satisfactorily described the potential issues that could arise if not utilized. Thoroughly explained how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts and thoroughly described the potential issues that could arise if not utilized.
5. 3 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

 

Assignment 3: Incident Response (IR) Strategic Decisions

Due Week 6 and worth 75 points

 

Suppose that you have been alerted of a potential incident involving a suspected worm spreading via buffer overflow techniques, compromising Microsoft IIS Web servers. As the IR Team leader, it is your responsibility to determine the next steps.

 

Write a two to three (2-3) page paper in which you:

  1. Explain in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident.
  2. Construct a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and identify which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
  3. Construct a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and explain how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
  4. Detail the incident recovery processes for the resolution of this incident.
  5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Summarize the various types of disasters, response and recovery methods.
  • Develop techniques for different disaster scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 75 Assignment 3: Incident Response (IR) Strategic Decisions
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Explain in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident.

Weight: 15%

 Did not submit or incompletely explained in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident. Insufficiently explained in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident. Partially explained in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident. Satisfactorily explained in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident. Thoroughly explained in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident.
2. Construct a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and identify which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia.
Weight: 25%		 Did not submit or incompletely constructed a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and did not submit or incompletely identified which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Insufficiently constructed a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and insufficiently identified which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Partially constructed a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and partially identified which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Satisfactorily constructed a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and satisfactorily identified which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Thoroughly constructed a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and thoroughly identified which containment strategy would be appropriate in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia.
3. Construct a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and explain how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia.

Weight: 25%

 Did not submit or incompletely constructed a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and did not submit or incompletely explained how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Insufficiently constructed a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and insufficiently explained how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Partially constructed a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and partially explained how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Satisfactorily constructed a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and satisfactorily explained how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Thoroughly constructed a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and thoroughly explained how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia.
4. Detail the incident recovery processes for the resolution of this incident.

Weight: 20%

 Did not submit or incompletely detailed the incident recovery processes for the resolution of this incident. Insufficiently detailed the incident recovery processes for the resolution of this incident. Partially detailed the incident recovery processes for the resolution of this incident. Satisfactorily detailed the incident recovery processes for the resolution of this incident. Thoroughly detailed the incident recovery processes for the resolution of this incident.
5. 3 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

 

Case Study 2: Disaster Recovery (DR) Lessons Learned: September 11th

Due Week 7 and worth 100 points

 

Read the article titled “9/11: Top lessons learned for disaster recovery,” from Computerworld.com, located at http://www.computerworld.com/s/article/9219867/9_11_Top_lessons_learned_for_disaster_recovery , and consider the effects the attacks of September 11, 2001, have had on technology recovery efforts.

 

Write a two to four (2-4) page paper in which you:

  1. Explain how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures.
  2. Analyze the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation.
  3. Determine whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers, and determine the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions.
  4. Evaluate the use of cloud services as tools for recovery operations within an organization, and explain how they could increase or decrease the effectiveness of recovery operations.
  5. Determine whether or not cloud services are ideal recovery options for organizations regardless of their size. Provide a rationale to support the answer.
  6. Use at least four (4) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Explain risk management in the context of information security.
  • Summarize the various types of disasters, response and recovery methods.
  • Compare and contrast the methods of disaster recovery and business continuity.
  • Explain and develop a business continuity plan to address unforeseen incidents.
  • Develop techniques for different disaster scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 100 Case Study 2: Disaster Recovery (DR) Lessons Learned: September 11th
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Explain how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures.

Weight: 15%

 Did not submit or incompletely explained how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures. Insufficiently explained how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures. Partially explained how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures. Satisfactorily explained how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures. Thoroughly explained how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures.
2. Analyze the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation.
Weight: 15%		 Did not submit or incompletely analyzed the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation. Insufficiently analyzed the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation. Partially analyzed the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation. Satisfactorily analyzed the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation. Thoroughly analyzed the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation.
3. Determine whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers and determine the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions.

Weight: 20%

 Did not submit or incompletely determined whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers and did not submit or incompletely determined the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions. Insufficiently determined whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers and insufficiently determined the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions. Partially determined whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers and partially determined the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions. Satisfactorily determined whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers and satisfactorily determined the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions. Thoroughly determined whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers and thoroughly determined the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions.
4. Evaluate the use of cloud services as tools for recovery operations within an organization and explain how they could increase or decrease the effectiveness of recovery operations.

Weight: 20%

 Did not submit or incompletely evaluated the use of cloud services as tools for recovery operations within an organization and did not submit or incompletely explained how they could increase or decrease the effectiveness of recovery operations. Insufficiently evaluated the use of cloud services as tools for recovery operations within an organization and insufficiently explained how they could increase or decrease the effectiveness of recovery operations. Partially evaluated the use of cloud services as tools for recovery operations within an organization and partially explained how they could increase or decrease the effectiveness of recovery operations. Satisfactorily evaluated the use of cloud services as tools for recovery operations within an organization and satisfactorily explained how they could increase or decrease the effectiveness of recovery operations. Thoroughly evaluated the use of cloud services as tools for recovery operations within an organization and thoroughly explained how they could increase or decrease the effectiveness of recovery operations.
5. Determine whether or not cloud services are ideal recovery options for organizations regardless of their size. Provide a rationale to support the answer.

Weight: 15%

 Did not submit or incompletely determined whether or not cloud services are ideal recovery options for organizations regardless of their size. Did not submit or incompletely provided a rationale to support the answer. Insufficiently determined whether or not cloud services are ideal recovery options for organizations regardless of their size. Insufficiently provided a rationale to support the answer. Partially determined whether or not cloud services are ideal recovery options for organizations regardless of their size. Partially provided a rationale to support the answer. Satisfactorily determined whether or not cloud services are ideal recovery options for organizations regardless of their size. Satisfactorily provided a rationale to support the answer. Thoroughly determined whether or not cloud services are ideal recovery options for organizations regardless of their size. Thoroughly provided a rationale to support the answer.
6. 4 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
7. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

 

Assignment 4: Disaster Recovery (DR) Team

Due Week 8 and worth 75 points

 

Consider a scenario where the contingency planning management team (CPMT) of your organization has designated you as the disaster recovery team leader, and the preparation and planning of this component of the security program is now under your purview with a team of 11 employees including yourself.

 

Write a two to three (2-3) page paper in which you:

  1. Detail the DR team roles, responsibilities, and sub teams that would be implemented, and construct an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
  2. Describe the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required.
  3. Draft an executive summary to the DR plan and explain the purpose of the plan and high-level specifics for upper management.
  4. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
  • Include charts or diagrams created in Visio or Dia. The completed diagrams / charts must be imported into the Word document before the paper is submitted.

 

The specific course learning outcomes associated with this assignment are:

  • Develop a disaster recovery plan for an organization.
  • Compare and contrast the methods of disaster recovery and business continuity.
  • Develop techniques for different disaster scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 75 Assignment 4: Disaster Recovery (DR) Team
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Detail the DR team roles, responsibilities, and sub teams that would be implemented and construct an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia.

Weight: 35%

 Did not submit or incompletely detailed the DR team roles, responsibilities, and sub teams that would be implemented and did not submit or incompletely constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Insufficiently detailed the DR team roles, responsibilities, and sub teams that would be implemented and insufficiently constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Partially detailed the DR team roles, responsibilities, and sub teams that would be implemented and partially constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Satisfactorily detailed the DR team roles, responsibilities, and sub teams that would be implemented and satisfactorily constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia. Thoroughly detailed the DR team roles, responsibilities, and sub teams that would be implemented and thoroughly constructed an organizational chart for the team through the use of graphical tools in Visio, or an open source alternative such as Dia.
2. Describe the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required.
Weight: 25%		 Did not submit or incompletely described the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required. Insufficiently described the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required. Partially described the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required. Satisfactorily described the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required. Thoroughly described the proper procedures and policies that would be implemented specific to the DR team personnel as well as special equipment that would be required.
3. Draft an executive summary to the DR plan and explain the purpose of the plan and high-level specifics for upper management.

Weight: 25%

 Did not submit or incompletely drafted an executive summary to the DR plan and did not submit or incompletely explained the purpose of the plan and high-level specifics for upper management. Insufficiently drafted an executive summary to the DR plan and insufficiently explained the purpose of the plan and high-level specifics for upper management. Partially drafted an executive summary to the DR plan and partially explained the purpose of the plan and high-level specifics for upper management. Satisfactorily drafted an executive summary to the DR plan and satisfactorily explained the purpose of the plan and high-level specifics for upper management. Thoroughly drafted an executive summary to the DR plan and thoroughly explained the purpose of the plan and high-level specifics for upper management.
4. 3 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
5. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

 

Term Paper: Contingency Planning in Action

Due Week 10 and worth 200 points

 

Create a hypothetical organization with details including geographic location(s), number of employees in each location, primary business functions, operational and technology details, potential threats to the business and its technology, and anything else that you believe is relevant to the business.

 

Assume this organization is lacking in its contingency planning efforts and requires assistance in ensuring these efforts are appropriately addressed to increase its overall security and preparedness posture.

 

Write a ten to fifteen (10-15) page paper in which you:

  1. Provide an overview of the organization and indicate why contingency planning efforts are needed and how these efforts could benefit the business.
  2. Develop a full contingency plan for the organization. Include all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts.
  3. Determine the policies and procedures that would be needed for all contingency planning efforts. Detail the role of the policy / procedure, and explain how each would help achieve the goals of these efforts.
  4. Detail the processes to utilize in order to fully implement the contingency plan and its components, and explain the efforts to consider in maintaining the plans.
  5. Create a hypothetical incident scenario where the contingency planning efforts would need to be utilized and detail:
    1. how the plan is sufficiently equipped to handle the incident.
    2. a timeline for the incident response and recovery efforts.
  6. Identify any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and explain how to plan for these concerns.
  7. Use at least five (5) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

 

Your assignment must follow these formatting requirements:

  • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

 

The specific course learning outcomes associated with this assignment are:

  • Explain risk management in the context of information security.
  • Develop a disaster recovery plan for an organization.
  • Summarize the various types of disasters, response and recovery methods.
  • Compare and contrast the methods of disaster recovery and business continuity.
  • Explain and develop a business continuity plan to address unforeseen incidents.
  • Describe crisis management guidelines and procedures.
  • Describe detection and decision-making capabilities in incident response.
  • Develop techniques for different disaster scenarios.
  • Evaluate the ethical concerns inherent in disaster recovery scenarios.
  • Use technology and information resources to research issues in disaster recovery.
  • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

 

Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.

Points: 200 Term Paper: Contingency Planning in Action
Criteria  

Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

  

Fair

70-79% C

  

Proficient

80-89% B

  

Exemplary

90-100% A
1. Provide an overview of the organization and indicate why contingency planning efforts are needed and how these efforts could benefit the business.

Weight: 10%

 Did not submit or incompletely provided an overview of the organization and did not submit or incompletely indicated why contingency planning efforts are needed and how these efforts could benefit the business. Insufficiently provided an overview of the organization and insufficiently indicated why contingency planning efforts are needed and how these efforts could benefit the business. Partially provided an overview of the organization and partially indicated why contingency planning efforts are needed and how these efforts could benefit the business. Satisfactorily provided an overview of the organization and satisfactorily indicated why contingency planning efforts are needed and how these efforts could benefit the business. Thoroughly provided an overview of the organization and thoroughly indicated why contingency planning efforts are needed and how these efforts could benefit the business.
2. Develop a full contingency plan for the organization. Include all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts.
Weight: 25%		 Did not submit or incompletely developed a full contingency plan for the organization. Did not submit or incompletely included all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts. Insufficiently developed a full contingency plan for the organization. Insufficiently included all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts. Partially developed a full contingency plan for the organization. Partially included all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts. Satisfactorily developed a full contingency plan for the organization. Satisfactorily included all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts. Thoroughly developed a full contingency plan for the organization. Thoroughly included all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts.
3. Determine the policies and procedures that would be needed for all contingency planning efforts. Detail the role of the policy / procedure and explain how each would help achieve the goals of these efforts.

Weight: 10%

 Did not submit or incompletely determined the policies and procedures that would be needed for all contingency planning efforts. Did not submit or incompletely detailed the role of the policy / procedure and did not submit or incompletely explained how each would help achieve the goals of these efforts. Insufficiently determined the policies and procedures that would be needed for all contingency planning efforts. Insufficiently detailed the role of the policy / procedure and insufficiently explained how each would help achieve the goals of these efforts. Partially determined the policies and procedures that would be needed for all contingency planning efforts. Partially detailed the role of the policy / procedure and partially explained how each would help achieve the goals of these efforts. Satisfactorily determined the policies and procedures that would be needed for all contingency planning efforts. Satisfactorily detailed the role of the policy / procedure and satisfactorily explained how each would help achieve the goals of these efforts. Thoroughly determined the policies and procedures that would be needed for all contingency planning efforts. Thoroughly detailed the role of the policy / procedure and thoroughly explained how each would help achieve the goals of these efforts.
4. Detail the processes to utilize in order to fully implement the contingency plan and its components and explain the efforts to consider in maintaining the plans.

Weight: 10%

 Did not submit or incompletely detailed the processes to utilize in order to fully implement the contingency plan and its components and did not submit or incompletely explained the efforts to consider in maintaining the plans. Insufficiently detailed the processes to utilize in order to fully implement the contingency plan and its components and insufficiently explained the efforts to consider in maintaining the plans. Partially detailed the processes to utilize in order to fully implement the contingency plan and its components and partially explained the efforts to consider in maintaining the plans. Satisfactorily detailed the processes to utilize in order to fully implement the contingency plan and its components and satisfactorily explained the efforts to consider in maintaining the plans. Thoroughly detailed the processes to utilize in order to fully implement the contingency plan and its components and thoroughly explained the efforts to consider in maintaining the plans.
5a. Create a hypothetical incident scenario where the contingency planning efforts would need to be utilized and detail how the plan is sufficiently equipped to handle the incident.

Weight: 10%

 Did not submit or incompletely created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and did not submit or incompletely detailed how the plan is sufficiently equipped to handle the incident. Insufficiently created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and insufficiently detailed how the plan is sufficiently equipped to handle the incident. Partially created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and partially detailed how the plan is sufficiently equipped to handle the incident. Satisfactorily created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and satisfactorily detailed how the plan is sufficiently equipped to handle the incident. Thoroughly created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and thoroughly detailed how the plan is sufficiently equipped to handle the incident.
5b. Create a hypothetical incident scenario where the contingency planning efforts would need to be utilized and detail a timeline for the incident response and recovery efforts.

Weight: 10%

 Did not submit or incompletely created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and did not submit or incompletely detailed a timeline for the incident response and recovery efforts. Insufficiently created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and insufficiently detailed a timeline for the incident response and recovery efforts. Partially created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and partially detailed a timeline for the incident response and recovery efforts. Satisfactorily created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and satisfactorily detailed a timeline for the incident response and recovery efforts. Thoroughly created a hypothetical incident scenario where the contingency planning efforts would need to be utilized and thoroughly detailed a timeline for the incident response and recovery efforts.
6. Identify any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and explain how to plan for these concerns.

Weight: 10%

 Did not submit or incompletely identified any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and did not submit or incompletely explained how to plan for these concerns. Insufficiently identified any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and insufficiently explained how to plan for these concerns. Partially identified any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and partially explained how to plan for these concerns. Satisfactorily identified any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and satisfactorily explained how to plan for these concerns. Thoroughly identified any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and thoroughly explained how to plan for these concerns.
7. 5 references

Weight: 5%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
8. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than 8 errors present 7-8 errors present 5-6 errors present 3-4 errors present 0-2 errors present

 

 

Discussion topics – around 200 words each topic

 

1.

Disaster Recovery (DR), Business Continuity Planning (BCP), and Software as a Service (SaaS) Options”  Please respond to the following:

  • Explain in your own words the difference between disaster recovery and business continuity planning efforts and whether or not you believe these planning efforts overlap.
  • Determine whether or not cloud and SaaS services can assist and benefit an organization in its business resumption panning (BRP) efforts, and whether or not this option is available and feasible to all sizes of organizations at this point in time. Provide a rationale to support your answer.

2.

Cyber Storm”  Please respond to the following:

  • From the e-Activity, explain in your own words the benefits of the DHS’s efforts with Cyber Storm and whether or not you believe this is a necessary and useful activity in terms of incident response preparedness.
  • Determine whether or not the efforts of Cyber Storm can help all types of organizations, regardless of size and independent of industry, for incident response and preparedness planning. Provide a rationale to support your answer.

3.

To IDS or to Not IDS?”  Please respond to the following:

  • Suppose you were proposing the implementation of an IDS to your manager as a new initiative for your organization. Explain how you would make a business case for obtaining the funds in order to fully implement this initiative.
  • Propose the top three reasons for why organizations would NOT choose to implement IDS / IPS systems, and analyze each of these reasons to determine whether you believe they are valid concerns or improper conclusions.

4.

IDS in the Cloud”  Please respond to the following:

  • From the e-Activities, explain whether or not you believe technologies such as IDS are still relevant and useful as there is a push toward SaaS and cloud-based solutions..
  • Discuss from your perspective how cloud-based services change incident response, for better or worse, and determine what you believe to be the greatest preparedness concern with cloud-based services.

5.

“Appropriate Standards”

  • Select an organization with which you are familiar. Identify the compliance laws that you believe would be most relevant to this organization. Justify your response.
  • Define the scope of an IT compliance audit that would verify whether or not this organization is in compliance with the laws you identified.

6.

“Using a Hybrid Framework”

  • Often, it is necessary to develop a hybrid framework of standards for use within a business. Identify the individual(s) within the company that should be involved in the decision-making process. Justify your choices.
  • Describe how the use of a unique set of standards might impact the auditing process.

 

 

Assignment 1: Designing FERPA Technical Safeguards

Due Week 2 and worth 50 points

Imagine you are an Information Security consultant for a small college registrar’s office consisting of the registrar and two assistant registrars, two student workers, and one receptionist. The office is physically located near several other office spaces. The assistant registrars utilize mobile devices over a wireless network to access student records, with the electronic student records being stored on a server located in the building. Additionally, each registrar’s office has a desktop computer that utilizes a wired network to access the server and electronic student records. The receptionist station has a desktop computer that is used to schedule appointments, but cannot access student records. In 1974, Congress enacted the Family Educational Rights and Privacy Act (FERPA) to help protect the integrity of student records. The college has hired you to ensure technical safeguards are appropriately designed to preserve the integrity of the student records maintained in the registrar’s office.

Write a three to five page paper in which you:

  1. Analyze proper physical access control safeguards and provide sound recommendations to be employed in the registrar’s office.
  2. Recommend the proper audit controls to be employed in the registrar’s office.
  3. Suggest three logical access control methods to restrict unauthorized entities from accessing sensitive information, and explain why you suggested each method.
  4. Analyze the means in which data moves within the organization and identify techniques that may be used to provide transmission security safeguards.
  5. Use at least three quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

  • This course requires use of Strayer Writing Standards (SWS). The format is different than other Strayer University courses. Please take a moment to review the SWS documentation for details.
  • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

  • Describe the role of information systems security (ISS) compliance and its relationship to U.S. compliance laws.
  • Use technology and information resources to research issues in security strategy and policy formation.
  • Write clearly and concisely about topics related to information technology audit and control using proper writing mechanics and technical style conventions.

 

Points: 50 Assignment 1: Designing FERPA Technical Safeguards
Criteria Unacceptable

Below 60% F

 Meets Minimum Expectations

60-69% D

 Fair

70-79% C

 Proficient

80-89% B

 Exemplary

90-100% A
1. Analyze proper physical access control safeguards and provide sound recommendations to be employed in the registrar’s office.

Weight: 21%

 Did not submit or incompletely analyzed proper physical access control safeguards and did not submit or incompletely provided sound recommendations to be employed in the registrar’s office. Insufficientlyanalyzed proper physical access control safeguards and insufficientlyprovided sound recommendations to be employed in the registrar’s office. Partially analyzed proper physical access control safeguards and partially provided sound recommendations to be employed in the registrar’s office. Satisfactorilyanalyzed proper physical access control safeguards and satisfactorilyprovided sound recommendations to be employed in the registrar’s office. Thoroughlyanalyzed proper physical access control safeguards and thoroughlyprovided sound recommendations to be employed in the registrar’s office.
2. Recommend the proper audit controls to be employed in the registrar’s office.
Weight: 21%		 Did not submit or incompletelyrecommended the proper audit controls to be employed in the registrar’s office. Insufficiently recommended the proper audit controls to be employed in the registrar’s office Partially recommended the proper audit controls to be employed in the registrar’s office. Satisfactorily recommended the proper audit controls to be employed in the registrar’s office. Thoroughly recommended the proper audit controls to be employed in the registrar’s office.
3. Suggest three logical access control methods to restrict unauthorized entities from accessing sensitive information, and explain why you suggested each method.

Weight: 21%

 Did not submit or incompletelysuggested three logical access control methods to restrict unauthorized entities from accessing sensitive information, and did not submit or incompletely explained why you suggested each method. Insufficiently suggested three logical access control methods to restrict unauthorized entities from accessing sensitive information, and insufficiently explained why you suggested each method. Partially suggested three logical access control methods to restrict unauthorized entities from accessing sensitive information, and partially explained why you suggested each method. Satisfactorily suggested three logical access control methods to restrict unauthorized entities from accessing sensitive information, and satisfactorily explained why you suggested each method. Thoroughly suggested three logical access control methods to restrict unauthorized entities from accessing sensitive information, and thoroughly explained why you suggested each method.
4. Analyze the means in which data moves within the organization and identify techniques that may be used to provide transmission security safeguards.

Weight: 21%

 Did not submit or incompletelyanalyzed the means in which data moves within the organization and did not submit or incompletely identified techniques that may be used to provide transmission security safeguards. Insufficiently analyzed the means in which data moves within the organization and insufficiently identified techniques that may be used to provide transmission security safeguards. Partially analyzed the means in which data moves within the organization and partially identified techniques that may be used to provide transmission security safeguards. Satisfactorily analyzed the means in which data moves within the organization and satisfactorily identified techniques that may be used to provide transmission security safeguards. Thoroughly analyzed the means in which data moves within the organization and thoroughly identified techniques that may be used to provide transmission security safeguards.
5. Three references

Weight: 6%

 No references provided Does not meet the required number of references; all references poor quality choices. Does not meet the required number of references; some references poor quality choices. Meets number of required references; all references high quality choices. Exceeds number of required references; all references high quality choices.
6. Clarity, writing mechanics, and formatting requirements

Weight: 10%

 More than eight errors present Seven to eight errors present Five to six errors present Three to four errors present Zero to two errors present

 

Related Posts

WeCreativez WhatsApp Support
Our customer support team is here to answer your questions. Ask us anything!
👋 Hi, how can I help?
Hi, how can I help?
Scroll to Top