
BCI3002 DISASTER RECOVERY AND BUSINESS CONTINUITY MANAGEMENT
L T P J C: 3 0 0 4 4
Pre-requisite: NIL
Syllabus version: v1.0
Course Objectives:
1. To develop an understanding of concepts of risk management
2. To examine aspects of incident response and contingency planning consisting of incident response plans, disaster recovery plans, and business continuity plans.
3. To develop and execute plans to deal with contingency, incident response, disaster recovery and business continuity

Expected Course Outcome:
1. Describe concepts of risk management
2. Define and differentiate contingency planning components
3. Define and be able to discuss incident response options
4. Design an incident response plan for sustained organizational operations
5. Discuss and recommend contingency strategies including data backup and recovery and alternate site selection for business resumption planning
6. Describe the escalation process from incident to disaster
7. Design a disaster recovery plan, business continuity plan for sustained organizational operations

Student Learning Outcomes (SLO): 1,2,14,17


Module:1 DISASTER RECOVERY AND BUSINESS CONTINUITY INTRODUCTION 5 hours
Disaster: Different sources of disaster and types of disasters. Disaster Recovery: Operational cycle of disaster recovery, disaster recovery cost, incidents that require disaster recovery plans, evaluating disaster recovery - methods, team, phases, objectives, checklist. Best practices for disaster recovery - Business continuity - Business continuity vs. disaster recovery

Module:2 DISASTER RECOVERY PLANNING AND IMPLEMENTATION 6 hours
Introduction - Aspects of security - Application security - Database security - Distributed system security - Firmware security - Industrial security. Profiles: Operational profile, Application profiles, Inventory profile, Disaster recovery plan - Business impact analysis - Disaster recovery roles and responsibilities - Disaster recovery planning steps - Disaster preparedness - Notification and activation procedures

Module:3 BUSINESS CONTINUITY MANAGEMENT 6 hours
Introduction - Elements of business continuity management. Business continuity plan - Business
continuity planning and strategies - BCP standards and guidelines - BCP Project Organization -
Crisis communication plan - Emergency response plan - Contingency planning

Module:4 MANAGING, ASSESSING AND EVALUATING RISKS 6 hours
Introduction - Importance of risk management - Risk management methodology - Attack methods and
Countermeasures - Cost benefits analysis of risk management - Risk assessment responsibilities -
Responsibilities of security professional - Information system auditing and monitoring - Verification
tools and techniques.

Module:5 RISK CONTROL POLICIES AND COUNTER MEASURES 7 hours
Introduction - Counter measures - Risk control policy development factors - Development of information assurance principles and practices - Laws and procedures in information assurance policy implementation, Security test and evaluation, Automated security tools, Cost benefit analysis, Developing a risk assessment methodology, Security requirements, Information categorization, Risk management methodologies to develop life cycle management policies and procedures, Education, training and awareness. Policy development: Information security policy, change control policies, system acquisition policies and procedures, Risk analysis policies and General risk control policies.

Module:6 STORAGE DISASTER RECOVERY SERVICES TOOLS 7 hours
Introduction - Importance of data backup - Preventing data loss - Developing an effective data backup strategy - Backup techniques: Disk mirroring, Snapshot, Continuous data protection, and Parity protection. Backup schedules - Removable backup media - Potential risks - Challenges in backup and recovery - Backup and recovery checklist - Data backup and recovery tools - Offsite data backup methods and strategies - Enterprise backup tools

Module:7 BUSINESS RECOVERY 6 hours
Business recovery planning process: Mobilizing business recovery team, Assessing extent of damage and business impact, Preparing specific recovery plans, Assess damaged property and documents, Backup recovery site, Monitoring progress, Keeping stockholders informed, Handing business operation back to regular management. Planning recovery activities: Communication systems, Human resources, Corporate proprietary information and documentation, IT systems Software architecture recovery.

Module:8 Contemporary Issues: RECENT TRENDS 2 hours

Total Lecture hours: 45 hours

Text Book(s)
1. John W. Rittinghouse and James F. Ransome, Business Continuity and Disaster Recovery for Info Sec Managers. Elsevier: Elsevier Digital Press, 2005. (ISBN: 978-0-52-119019-0)
2. EC Council Press. Disaster Recovery, 1st Ed. Course Technology, 2011. (ISBN: 978-1-55558-339-2)
Reference Books
1. ISO 27001:2013 A specification for an information security management system
2. David Alexander, Amanda Finch, David Sutton, Andy Taylor. Information Security Management Principles, 2nd Ed. BCS Shop, 2013. (ISBN: 9781780171753)
3. ISO Guide 73:2009 Definitions of generic terms related to Risk Management
4. ISO Guide 27005:2011 Guidelines for information security risk management
5. ISO 31010:2010 Risk Management Risk Assessment Techniques
6. Mark Talabis, Jason Martin. Information Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis. Syngress Imprint, 2013. (ISBN: 978-1-59-749735-0)
Mode of Evaluation: CAT / Assignment / Quiz / FAT / Project / Seminar
Recommended by Board of Studies 28-02-2017
Approved by Academic Council No. 41 Date 16-03-2017
