This course focuses on preparing for, reacting to and recovering from events that threaten the security of information and information resources, or that threaten to disrupt critical business functions. Students examine various levels of threats to an organization’s information assets and critical business functions, as well as develop policies, procedures and plans to address them. Technology specific to thwarting disruption and to supporting recovery is also covered.
Learning Objectives
- Given an organization with a need for a business continuity plan, explain the steps that are needed in the project foundation phase.
- Given an organization that will be needing a disaster recovery plan, prepare an analysis that examines the different types of disasters that are likely to affect that organization and addresses the impact each type of disaster would have on the organization.
- Given an organization for which you are preparing a business continuity plan, prepare a business impact analysis (BIA).
- Given an organization with a need for a business continuity plan, analyze the organization's current level of preparedness.
- Given an organization with a need for a data recovery strategy, prepare a plan for backing up that business’s data.
- Prepare a presentation for executives at a business that describes the impact of various privacy laws on business continuity.
- Given an example business, prepare an analysis of the type of backup site that is most appropriate for that business.
- Given an example organization, decide the order in which recovery operations should take place and explain why that order is most appropriate.
- Given an example organization, decide the appropriate personnel who should be on the emergency management team and the recovery team. Explain your choices.
- Given an example organization, prepare a disaster recovery plan. This plan must consider the previously selected back-up plan, the impact of Sarbanes-Oxley and/or HIPAA, the type of back-up site selected, the order of recovery operations, and who is on the recovery teams. In essence, this objective is to synthesize the previous objectives into a single, coherent business continuity plan.
- Prepare a methodology for testing and maintaining your business continuity plan.
Framework Connections
- Cyberspace Intelligence
- Design and Development
- Implementation and Operation
- Oversight and Governance
- Protection and Defense
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cyber Defense Analysis
- Training, Education, and Awareness
- Systems Administration
- Systems Requirements Planning
- Threat Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.