CYB – 209 Information risk management and compliance

(Project)

Maximum Mark Available 100

The weighting of this coursework towards the Module mark (%) 25

Learning Outcomes Being Assessed • Analyse the risk security matrix.

• Identify the risk assessment level

Tutor this work is for Dr. Adel Bahaddad

Handout date Saturday 26/6/2021
Handing date Friday 2/7/2021through blackboard
Expected handback date
Expected feedback date (if different
from handback date)

Outline of Problem Business Continuity Planning (BCP) and Disaster Recovery Planning (DRP) are an
organization's last corrective control when all other controls have failed! ... An eventual
potentially crippling disaster may have no impact due to prudent risk management steps
taken as a result of thorough BCP/DRP plans.

You are required to research and report on this topic according to the Detail of the
Question below.
Detail of Questions Part One:

Purpose and Scope, which focuses to present requirement of the BCP which contains
from the following points:

Introduction‫ املقدمة‬ 
 Objectives and constraints ‫اخلطة من والقيود األهداف‬

 Identify the Risk Assessments
‫والنوعية الكمية املخاطر تق يم وسائل حتديد‬ 
(Quan - Qual)
 Contingencies ‫ة يف هبا يعتد اليت الطوارئ حاالت ماهي‬R‫املنظم‬

 Physical safeguards if applicable ‫موجودة كانت إذا املستخدمة املعدات أمن وسائل‬

 Types of computer service issues ‫الكمبيوتر خدمة تعطل اليت املشكالت أنواع‬

considerations ‫هل يوجد اعتبارات أتمينية على املنتجات اإللكرتونية لدى املنظمة‬ 
Insurance 

Part Two:

Recovery Team who, this part is focus to identify the directed and related team to DRP &
BCP.

Part Three:
3.1 Preparing for Disaster. This part will identify 5 risks as a maximum and which
group they are related to it. The suggested groups are as follows:
 Physical/security risks )‫ األمنية (التقنية‬/ ‫املخاطر املادية‬ 

1
 3.2 After identify the five main risks the group will carried out the level of
assessment according to the quantitative or qualitative method. The quantitative
method should calculate the following formula: (use a realistic number no need to use
a real data if you can’t)

SLE
ARO
ALE

3.3 The qualitative method should use the experience gained of the main leader
team in the company as following example: (you can choose your own threats)

The
Attacking The
severity Expected The degree of possible entities
confidential possibility of
of the loss efficacy
information the threat
threat
Firewall IDS Honeypot
IT Manger
DB Manger

Programmer

OS Engineer

Quality Manger

Average

Part Four:

Preparing for a planning (identifies the 5 risks from previous part) In this part, it should
be answer:
4.1 what should happen when a disaster occurs?

4.2 what should be done including the following points:

‫ماهي الطريقة املقرتحة إليصال املعلومة لفريق التعايف وتشكيلة‬ 

 Disaster recovery team formation
‫إلدارة الكوارث‬
‫اقرتاح استخدام مواقع أو طرق بديلة‬ 
 Use of alternate sites
‫ماهي اخلطة البديلة لتخزين املعلومات خارج موقع الكارثة‬ 
 Offsite storage
 Part Five:

Restoration Procedures After the initial response that allow the organization to continue
working to normal business operations. This part includes the following:

‫خطة استعادة املرافق املركزية (ملخص للخطة يف حدود‬ 

 Central facilities recovery plan )‫ كلمة‬100

 Operations recovery plan in the

central site ‫خطة استعادة نت فيذ العمليات يف املوقع املركزي‬ 

‫خطة استعادة الكمبيوترات واخلوادم‬ 

 Computer recovery plan

What you should A report following the structure outlined in ‘Detail of Questions’ above. All sources of
hand in information MUST be referenced. You have to answer: all parts. Therefore, by handing
this project, Five parts in total with their answers would be submitted.
Rules - While solving all parts, you have to:
o The risks mentioned in the project should be realistic and not have to be
related to a real work environment
o It is preferring that the mentioned risks should be related to the
information security filed.

- The individual in the group is evaluated according to the following criteria:

o The presence of at least four participations for each member in the report.
o The participation of each member is not less than two primary
participations (meaning that the participants should has primarily
responsible for accomplishing two points in the report) and have associate
participants with the other members.
o The participants of one member in the report shall not be less than four.
o Good wording and clarity of phrase in the private parts.
- Evaluate the collective participation by the following points
o The report should include an assessment of risks, specifying the method of
assessment (quantitative - qualitative) and the value of the risk in SAR.
o The emergency and recovery plan relies mainly on risk assessment, as no
emergency plan is developed for aspects that the report does not consider
as dangerous in the first place.
o Output quality and good design.
o Make an executive summary within 200 words.
Guidelines/Length There is no strict word limit
Resources Required Internet, book and Microsoft PowerPoint.
Other information o This project is done by group: consists of 4 students.
o The name of the group should be indicated clearly.
o All parts should be solved to take granted a full mark.
o Project evaluation: worth 25 marks, the marks are equivalent to 60% worth to
entire group members, and 40% for each member individually.
o The report can be written in one of two languages (Arabic - English).
o
Plagiarism Your attention is drawn to the University Modular Framework Assessment Regulations
regarding academic impropriety. This covers cheating, attempts to cheat, plagiarism,
collusion and any other attempts to gain an unfair advantage in assessments. The work
you
submit must conform to those regulations.
 ‫‪Evaluation table for individual participation in the DRP & BCP project‬‬

‫اسم‬ ‫اسم‬ ‫اسم‬ ‫اسم‬

‫مشارك‬ ‫مشارك‬ ‫مشارك‬ ‫مشارك‬ ‫جدول حمتوايت التقرير‬
‫(‪)4‬‬ ‫(‪)3‬‬ ‫(‪)2‬‬ ‫(‪)1‬‬
‫‪Part one: Purpose and Scope‬‬ ‫اجلزء األول‪ :‬الغرض والنطاق‬
‫‪‬‬ ‫‪Introduction‬‬ ‫املقدمة‬ ‫‪‬‬ ‫‪.1. 1‬‬
‫‪‬‬ ‫‪Objectives and constraints‬‬ ‫األهداف والقيود من اخلطة‬ ‫‪‬‬ ‫‪.1. 2‬‬
‫‪‬‬ ‫‪Identify the Risk Assessments‬‬ ‫حتديد وسائل تق يم املخاطر الكمية والنوعية‬ ‫‪‬‬ ‫‪.1. 3‬‬
‫)‪(Quan - Qual‬‬
‫‪‬‬ ‫‪Contingencies‬‬ ‫ماهي حاالت الطوارئ اليت يعتد هبا يف املنظمة‬ ‫‪‬‬ ‫‪.1. 4‬‬
‫‪‬‬ ‫‪Physical safeguards if applicable‬‬ ‫وسائل أمن املعدات املستخدمة إذا كانت موجودة‬ ‫‪‬‬ ‫‪.1. 5‬‬
‫‪‬‬ ‫‪Types of computer service issues‬‬ ‫أنواع املشكالت اليت تعطل خدمة الكمبيوتر‬ ‫‪‬‬ ‫‪.1. 6‬‬
‫هل يوجد اعتبارات أتم ني ية على املنتجات اإللكرتونية لدى‬ ‫‪‬‬ ‫‪.1. 7‬‬
‫‪‬‬ ‫‪Insurance considerations‬‬
‫املنظمة‬
‫‪Part two: Recovery Team‬‬ ‫اجلزء الثاين‪ :‬فريق االستعادة‬
‫‪‬‬ ‫‪Identification of recovery team‬‬ ‫حتديد أعضاء فريق االستعادة‬ ‫‪‬‬ ‫‪.2. 1‬‬
‫‪members‬‬
‫‪Part three: Preparing for Disaster‬‬ ‫اجلزء الثالث‪ :‬التحضري للكارثة‬
‫‪‬‬ ‫‪Identified Risks‬‬ ‫املخاطر احملددة‬ ‫‪‬‬ ‫‪.3. 1‬‬
‫‪Part Four: emergency procedures‬‬ ‫اجلزء الرابع‪ :‬إجراءات الطوارئ‬
‫كيفية إيصال املعلومة لفريق التعايف وتشكيلة إلدارة‬ ‫‪‬‬ ‫‪.4. 1‬‬
‫‪‬‬ ‫‪Disaster recovery team formation‬‬
‫الكوارث‬
‫‪‬‬ ‫‪Use of alternate sites‬‬ ‫استخدام مواقع بديلة‬ ‫‪‬‬ ‫‪.4. 2‬‬
‫‪‬‬ ‫‪Offsite storage‬‬ ‫ختزين املعلومات البديلة خارج املوقع‬ ‫‪‬‬ ‫‪.4. 3‬‬
‫‪Part Four: Restoration Procedures‬‬ ‫اجلزء اخالمس‪ :‬إجراءات االستعادة‬
‫‪‬‬ ‫‪Central facilities recovery plan‬‬ ‫خطة استعادة املرافق املركزية‬ ‫‪‬‬ ‫‪.5. 1‬‬
‫‪‬‬ ‫‪Operations recovery plan in the‬‬ ‫‪.5. 2‬‬
‫خطة استعادة نت فيذ العمليات يف املوقع املركزي‬ ‫‪‬‬
‫‪central site‬‬
‫‪‬‬ ‫‪Computer recovery plan‬‬ ‫خطة استعادة الكمبيوترات واخلوادم‬ ‫‪‬‬ ‫‪.5. 3‬‬