SEC 340 Business Continuity



A+ Entire Course: Incident Response Plan Paper Week 3 | Disaster Recovery Plan Paper Week 5 | You Decide Paper Week 6 | Quiz Week 2, 4 | Discussions Week 1-7

Incident Response Plan Paper Week 3

Students will submit a 750-1,000-word paper (double spaced) this week, identifying and describing the key components of a comprehensive incident response plan for any attack on an organization’s network and data. This paper should start with the identification of trigger events and should include immediate actions that should be taken. The rubric for this assignment is located in Doc Sharing.


Implementing the IRP all starts with identifying a threat or incident. Time is of the essence in this stage of the IRP, and most Network Administrators would like to get ahead of the curve by installing Intrusion Detection Systems, or IDS. An IDS will…


Disaster Recovery Plan Paper Week 5

Students will submit a 750-1,000-word paper (double-spaced) this week, identifying and describing the key components of a comprehensive disaster recovery plan for any incident that could disrupt an organization’s network and data. This paper should start with the composition of the disaster recovery team and their respective roles and responsibilities. The rubric for this assignment is located in Doc Sharing.


When a hurricane hits and buildings have been destroyed, what measures are in place to ensure a company can recover from this disaster? Sure, there are some things that may seem nearly impossible to recover from, like a hurricane. However, if a company has a…


Sunshine Machine Works – You Decide Paper Week 6

Sunshine Machine Works has an infrastructure which includes over 100 employees working within their one-story headquarters. Management needs a business continuity plan to help them continue with their business in the event of a serious incident.

You are an outside consultant brought in to provide some valuable insight and feedback for Sunshine Machine Works. This company has seen rapid growth and management is looking to you to provide critical input for a business continuity plan. Although they have a format they can use for the policy, they are looking to you to provide some guidance on areas they will need to address when creating this policy.

Wilma Stone – Chief Executive Officer

When we first started this company there were only a few computers that we used to share our files. Now, with the growth of our company we have a situation where we have centralized our file storage, created an extensive online collaboration process, and increased our dependency on all of that information. I am concerned that if we do not make preparations, some type of natural disaster or malicious act could jeopardize the future of our company. We need a good business continuity plan in place.

Margie Nelson – Chief Financial Officer

We have a lot of account information stored on our local server systems. There is restricted access so that the only ones to access those files are the CEO, the General Manager, and me. No other employees have access to most of them. Although our system is running efficiently, management realizes that in certain emergency situations alternative arrangements need to be in place in case of catastrophic damage to our facility or loss of our server systems to damage or theft.

Gary Thomas – General Manager

I look at the way we need to do business now, which entails a lot of online collaboration with our vendors, customers, and activities related to our potential sales outreach. We have made all our file storage centralized and we need to look at how we maintain productivity in the event of some type of disaster or other disruption.

As the expert providing consulting services, you will want to identify and describe the key components of a comprehensive business continuity plan for an attack or incident which could affect Sunshine Machine Works’ network and data. Follow the instructions provided in the You Decide Exercise: Business Continuity Plan.


A business continuity plan (BCP) allows critical products or services to be continually provided to customers (Government of Canada, n.d.). It ensures the continuous availability of the company’s critical operations. In turn, it ensures survival, avoids injury, and enables the company to meet its legal and other…


Quiz Week 2

(TCOs 1, 2, 4) A targeted solution to misuse of a specific vulnerability is called a(n) _____.





(TCOs 1, 2, 4) The risk that remains after a control has been applied is called _____.

Pure risk

Residual risk

Dynamic risk

Static risk

(TCOs 1, 2, 4) Which part of the contingency plan provides detailed scenarios of the potential impact of each type of attack?

Incident response plan

Business impact analysis

Disaster recovery plan

Business continuity plan

(TCOs 1, 2, 4) Which is not a role of the contingency planning management team?

Obtaining commitment and support from senior management

Writing the contingency plan document

Conducting the business impact analysis

Conducting the risk assessment

(TCOs 1, 2, 4) Who should set the policy for the contingency planning process?

Executive management


Contingency planning management team

Incident response team

(TCOs 1, 2, 4) Which of the following is a method or source for collecting data for the BIA?

Online questionnaires

Focus groups

Application and system logs

All of the above

(TCOs 3, 5) Which of the following is not a possible IR team structure model?

Central IR team

Distributed IR teams

Decentralized IR team

Coordinating IR team

(TCOs 3, 5) The responsibility for creating an organization’s IR plan rests with the _____.

Chief information security officer (CISO)

Chief security officer

Chief executive officer

Chief planning officer

(TCOs 3, 5) An actual incident that occurs but is not reported is called a _____.

False positive

True positive

False negative

True negative

(TCOs 3, 5) An IDS that monitors traffic on a network segment is called a(n) _____.

Switched-port analysis

Application-based IDS

Host-based IDS

Network-based IDS

(TCOs 3, 5) The _____ should provide the incident response plan as its first deliverable.

Emergency response team

Incident response team

IR planning committee

None of the above

(TCOs 3, 5) Which of the following starts with admitting there is a problem?

Crisis intervention

Risk management

Risk assessment

Successful execution of a business continuity plan

(TCOs 3, 5) Confidentiality, integrity, and availability reflect upon the relative _____ of an information system.



Patch level

None of the above

(TCOs 3, 5) Confidentiality refers to the way in which an information system is capable of identifying those who _____.

Do not have the right to know and access information

Are able to audit the system

Created files on that system

Are the system owners

(TCOs 3, 5) Which of the following is not a problem associated with risk management?

It is a distraction

It is expensive

It is not effective

It can be too effective

(TCO 1) The CNSS model of _____ evolved from a concept known as the CIA triangle.

Information assurance

Information technology

Information security

Security standards

(TCO 1) A threat is a category of all of the following except for what?



All of the above

None of the above

(TCOs 2, 4) The _____ takes up where the risk assessment process leaves off.

Risk assessment analysis

Business impact analysis

Qualitative evaluation

Business management board

(TCO 5) When a non-event is categorized as an actual incident, it is also known as a _____.

False negative

False positive

Reliable indicator

Threat vector

(TCO 5) False positives or noise often result from which of the following causes in an incident collection candidate?




All of the above


Quiz Week 4

(TCO 7) What type of backup site is a fully configured computer facility with all services, communications links, and physical plant operations and is capable of establishing operations at a moment’s notice?

Hot site

Warm site

Cold site

None of the above

(TCO 7) Which backup method offers the fastest recovery time?





(TCO 7) Which of the following is not one of the three possible backup strategies?

Six-tape rotation


Tower of Hanoi

All of the above are possible backup strategies.

(TCO 6) CERT provides nine best practices for responding to _____.


Virus infections


None of the above

(TCO 6) A _____ roster requires that a contact person call each and every person on the roster.




None of the above

(TCO 6) A hierarchical roster has the first person call _____ on the roster, who in turn call other people on the roster.

Every other person

Certain other people


None of the above

(TCO 6) _____ has its roots in computer science and criminal justice.

Intrusion detection

Computer forensics

Root cause analysis

None of the above

(TCO 6) The use of established _____ can facilitate the collection of legally defensible evidentiary material.




None of the above

(TCO 7) The _____ method of backup allows recovery of data for the previous three weeks.

Six-tape rotation


Towers of Hanoi

None of the above

(TCO 7) The Towers of Hanoi is more complex than other backup approaches and is based on statistical principles to optimize _____.


Data segmentation

Media wear

None of the above

(TCO 6) A network decoy system configured to resemble a production system is called a _____.




None of the above

(TCO 6) Which of the following is not an established method to activate an alert roster?

Sequential roster

Hierarchical roster

Text messaging

None of the above

(TCO 6) A simulation of a real event in a test environment is called a _____.

Full interruption

Parallel test


War game

(TCO 6) Which of the following is not a technical aspect of analyzing evidentiary material?

Analyzing original data

Creating a hash of the evidence to provide authentication

Creating working backups of the image

Using an investigative tool that can be used to examine computer evidence

(TCO 6) When analyzing the cost of an incident, which of the following should not be considered?

Cost associated with reproducing lost data

Legal costs associated with prosecuting offenders

Costs associated with loss of market advantage or share due to disclosure of proprietary information

None of the above. They are all factors that should be considered.

(TCO 7) A business resumption plan is considered to have two major elements, which are:

Disaster recovery plan and business continuity plan

Disaster recovery plan and incident response plan

Incident response plan and business resumption plan

None of the above

(TCO 7) There are _____ key procedural mechanisms which facilitate the restoration of critical information and the continuation of business operations.





(TCO 7) First, regardless of the strategy, _____ storage and _____ storage must be secured.

Tape, hard drive

Differential, incremental

Off-site, on-site

Classified, unclassified

(TCO 7) Overall, the _____-tape rotation method of backup offers roughly two weeks of recovery capability.





(TCO 7) Which form of RAID is used to balance safety and redundancy against the costs of acquiring and operating the systems?

RAID level 1

RAID level 0

RAID level 7

RAID level 5


Discussions Week 1-7 All Students Posts 224 Pages

Risk Management and Threats and Attacks Discussions Week 1 All Posts 35 Pages

Risk Management – 17 Pages

What is meant by the term “risk management” and why is it important in the framework of incident response and disaster recovery? What is the difference between risk identification and risk control in the context of protecting information systems? In order to understand incident response and disaster recovery, we must first understand what is meant by “risk management.”  What is the relationship between BC and risk management? Any ideas?  What strategies can be used to control identified risks to the organization’s information systems?…

Threats and Attacks – 18 Pages

Review the threats and corresponding attacks in Table 2-1 in your textbook. How would you prioritize these threats and attacks as they relate to the computer network at your home, place of work, and/or a school’s computer laboratory? Explain the rationale for how you arrived at your conclusions. What have you done to reduce the risk of these threats to your home computer? In evaluating threats which is more important: probability of occurrence or impact on the organization? What I’m saying is this: is a threat that is likely to happen but will only have a minimal impact on the organization greater than a threat that is unlikely but will have a significant impact on the organization? What do you think? What is the relationship between a recovery point objective and a recovery time objective?…

Incident Response Development and The Sparks Chronicles Discussions Week 2 All Students Posts – 32 Pages

Incident Response Development – 15 Pages

What are the phases of the incident response development process? What are the critical elements of each of these phases? How is an IR plan developed? What are the phases of IR? What are the critical elements of each of these phases? Any ideas? What is involved with the IR “development” process? How are these plans developed? Go to the website and in the search box type in “CSIRT.” What is the CSIRT and what exactly does it do? How is a CSIRT created, operated and staffed?  How can something like the CSIRT help other companies protect their network?…

The Sparks Chronicles – 17 Pages

Review the video “The Sparks Chronicles: Episode 1” at the end of the Week 2 Lecture. What conditions and vulnerabilities do you see at this facility that could threaten the organization’s network and data? What physical security measures and procedures would you implement to enhance the security of the IT room? Is there a potential problem with putting barbed wire on top of a fence surrounding the facility? Could top management say it doesn’t look “aesthetically pleasing?” How does this factor into security measures? Our text provides a very in-depth explanation of Intrusion Detection Systems (IDS). What are some compelling reasons that you can think of to implement and use an Intrusion Detection System (IDS)? How does an IDS help to manage risk?…

Privacy and Regulatory Issues and Recovery Operations Discussions Week 3 All Students Posts 33 Pages

Privacy and Regulatory Issues – 19 Pages

Conduct research into either Sarbanes-Oxley or HIPAA. Present a brief description of what organizations are required to do under these laws in regard to contingency planning and business continuity. How have these laws affected the way that organizations view the need for business continuity planning? What are some of the possible consequences of not having a robust business continuity plan? How does this regulation affect IT? What role does IT play in financial reporting and why is it important that this process is transparent? Go back to the SANS Reading Room at Select one of the papers from within these categories and present a brief overview of the paper to the class. What are some of the salient points in this paper as it relates to Incident Response?…

Recovery Operations – 14 Pages

What should be the primary objective of recovery operations during an incident response? What are some of the key steps that should be used to accomplish recovery?  Where exactly does recovery fit into the incident response plan? I’m looking forward to reading your posts and discussing this with you. What would you state as the overall goal of any Recovery operation?  What is an After-Action Review? What are the primary reasons for undertaking an After-Action Review?…

Week 4 Unavailable


Data Backup, Recovery, and Storage Strategies and Disaster Recovery versus Business Continuity Discussions Week 5 All Students Posts 33 Pages

Data Backup, Recovery, and Storage Strategies – 18 Pages

Using an Internet search engine, conduct a search for the terms “data backup,” “data recovery,” and “data storage strategies.” What options are available to disaster recovery planners to perform these tasks? How do they relate to disaster recovery? Which of the various options would you prefer to use if you were in charge of disaster recovery planning? Why? So, what is your opinion of backing up to the cloud? Do you think that is secure enough at this point to be an option? What problems have occurred or do you think could occur when restoring data from backups?…

Disaster Recovery versus Business Continuity – 15 Pages

What is the difference between disaster recovery and business continuity planning? What degree of similarity exists between the special needs of the disaster recovery and business continuity planning processes? How is the business impact analysis used in the disaster recovery and business continuity planning process? What are the “triggers” for activating either of these plans? Under what conditions would you activate the DRP vs. the BCP? Conduct Internet research to search for commercial applications using various forms of RAID technologies, such as RAID 0 through RAID 6, plus the other configurations. What is the most common implementation?…

RTO versus RPO and Alternate Sites Discussions Week 6 All Students Posts 29 Pages

RTO versus RPO – 14 Pages

What is the difference between a recovery time objective and a recovery point objective in the context of a business continuity plan? Why is it important to define these two parameters early in the BC planning process? So, how does knowing the RTO and RPO help when developing DR and BC Plans? Can you explain why these are so important in ensuring that these plans meet the business needs of the company? What should be the first step in any given part of a contingency planning process?…

Alternate Sites – 15 Pages

When a decision is made to activate critical services at an alternate site, what important steps/decisions must be taken to implement this decision? What are some of the things that could create confusion and disorder at the alternate site? What are the critical issues that companies must consider when deciding to activate their alternate site? What is meant by the term “continuous improvement” and how does it apply to the BC process?…

CMP versus CMT and Crisis Communications Discussions Week 7 All Students Posts 29 Pages

CMP versus CMT – 16 Pages

What are the differences in roles and responsibilities between the crisis management planning committee and the crisis management team? Who should be on the CMP and who should be on the CMT? How does the size of a company affect the composition of each of these entities? Is it possible that a small company would have many of the same people on each of these? And would a Fortune 500 company really need their CEO to participate on the CMPC, or could that be delegated to someone else? What do you think? What is meant by the term “sudden crisis?” Describe an example either from your professional experience or through an Internet search of “sudden” crisis. What was the root cause of this crisis and how did the organization deal with it?…

Crisis Communications – 13 Pages

What is meant by the term crisis communications? What role does this play in the crisis management plan? What are some bad things that can happen when companies don’t communicate effectively during a crisis? Any ideas or examples from real crises that you can think of? What type of information should be communicated internally to employees? Why is this so important? What type of information do you think should be disseminated to a company’s employees during a crisis that significantly affects the company’s business operations? How does emergency response differ from crisis management?…

Final Exam Not Included
