  • Classroom
  • Online, Instructor-Led
Course Description

This course focuses on preserving and recovering business operations in the event of outages, disasters or workforce interruptions. Measures and technologies used for forensics, as well as computer crime and security investigation, are addressed.

Learning Objectives

  • Understand rudimentary principles of risk assessment in order to identify and valuate the assets using qualitative and quantitative metrics. Understand how a disaster event is defined and quantified, and how Business Continuity Plans fit into the NIST SP800-34 Interrelationship of Emergency Action Plans framework.
  • Prioritize spending for mitigating risk of financial loss, data exposure, or downtime. Evaluate how information system assets relate to critical business functions through Business Impact Analysis. Explore the role of the BIA, how a BIA may be conducted, and how a BIA may be presented to senior management.
  • Learn prioritization methods and develop a response in the form of a Recovery Strategy consisting of pre-defined methods, responsibilities, procedures, and actions to mitigate the impact of business disruption.
  • Demonstrate the goals and objectives of a Disaster Recovery Plan to re-establish services and minimize the threat of exposure or loss based on NIST SP800-34. Learn industry best practices to maintain a DRP, and assess DRP performance using the following forms of tests: Structured Walk-Through, Checklist, Simulation, Parallel, and Full Interruption.
  • Understand NIST SP800-34 Technical Considerations concerning disaster recovery events, including data backup and retention, backup methodology and tertiary store definitions, fault tolerance methods (RAID), network redundancy, hot/warm/cold sites, load balancing, and consideration for redirected telephony circuits.
  • Demonstrate procedures for collecting, processing, and disseminating intelligence during a disaster, as codified in a Crisis Communication Plan. Understand issues surrounding intelligence control, chain of authority, media relationships, vendor relationships, and company spokespersons.
  • Explore the legal foundation that establishes data and electronic systems as private property. Understand procedures for responding to a cyber incident as codified by a Cyber Incident Response Plan.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Digital Forensics
  • Exploitation Analysis
  • Cyber Investigation
  • Systems Analysis
  • Test and Evaluation

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@hq.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.