Category Archives: CIS 462

CIS 462 Final Exam Updated

Check this A+ tutorial guideline at

http://www.homeworkrank.com/cis-462-strayer/cis-462-final-exam-updated

For more classes visit

http://www.homeworkrank.com/

CIS 462 Final Exam Guide Set 1

• Question 1 A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?

• Question 2 What entity issues and manages digital certificates?

• Question 3 A PKI uses public and private ______ for the secure exchange of information.

• Question 4 A Wi-Fi Access Point Security standard defines secure wireless connectivity to a network. With which IT domain is this standard primarily associated?

• Question 5 Baseline standards for the LAN Domain would include ____________.

• Question 6 A standard for Web Services from an external provider would be part of which set of policies?

• Question 7 A control standard that separates the development environment from the production environment would be found in which set of policies?

• Question 8 What is a benefit of instructor-led classroom training for security awareness?

• Question 9 Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.

• Question 10 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

• Question 11 Which of the following is least likely to be required to attend an organization’s formal security awareness training program?

• Question 12 Implementing IT security policies is as much about __________ as it is about implementing controls.

• Question 13 What is the best way to measure a specific user’s comprehension of security awareness training?

• Question 14 Conducting __________ can be an effective security awareness program solution.

• Question 15 The primary objective of a security awareness program is to _________.

• Question 16 Which tool can you use in a Microsoft domain to manage security settings for users and organizational units (OUs)?

• Question 17 What does a configuration management database (CMDB) hold?

• Question 18 A(n) __________ can include a computer’s full operating system, applications, and system settings, including security and configuration settings.

• Question 19 You want to manage patches and updates for Windows client computers centrally. Which is the best tool to use?

• Question 20 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?

• Question 21 Which of the following methods is used to track compliance?

• Question 22 What is due care?

• Question 23 Common IRT members may be IT subject matter experts, IT security reps, HR reps, and ____________ reps.

• Question 24 When responding to an incident, when does the IRT timeline start?

• Question 25 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?

• Question 26 Before an incident can be declared, the IRT must develop an incident ________ for incident response.

• Question 27 FISMA requires federal agencies to report major incidents to which organization?

• Question 28 During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 29 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

• Question 30 In a business classification scheme, which classification refers to routine communications within the organization?

• Question 31 Regarding data classification, what does “declassification” mean?

• Question 32 What is the general retention period of regulated documents?

• Question 33 What is considered to be a natural extension of the BIA when conducting a BCP?

• Question 34 Which of the following is not a primary reason a business classifies data?

• Question 35 In a business classification scheme, which classification refers to mission-critical data?

• Question 36 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?

• Question 37 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

• Question 38 ___________ is/are key to security policy enforcement.

• Question 39 Your company does not want its employees to use the Internet to exchange personal e-mail during work hours. What is the best tool to use to ensure the company does not violate an employee’s right to privacy?

• Question 40 Which of the following is least likely to indicate the effectiveness of an organization’s security policies?

• Question 41 What is the name of a common control that is used across a significant population of systems, applications, and operations?

• Question 42 Which employee role is directly accountable to ensure that employees are implementing security policies consistently?

• Question 43 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?

• Question 44 An employee used her company-owned computer to e-mail invitations to friends for her upcoming party, which violated the company’s acceptable use policy. Who is responsible for correcting the employee’s behavior?

• Question 45 What is a disadvantage of hard-coding a user name and password into an application to simplify guest access?

• Question 46 What is an example of “hardening”?

• Question 47 Which type of agreement would you have a contract system administrator (temporary worker) sign?

• Question 48 Which of the following is a policy that prohibits access or storage of offensive content?

• Question 49 What is pretexting associated with?

• Question 50 Who evaluates an organization’s technology controls and risks for compliance with internal security policies or regulations?

CIS 462 Final Exam Guide Set 2

• Question 1 What is the most reasonable way to deal with outdated technology that cannot conform to an organization’s security policies?

• Question 2 To be effective, which of the following must follow security policies?

• Question 3 Conducting __________ can be an effective security awareness program solution.

• Question 4 Accountability, lack of budget, lack of priority, and tight schedules are examples of ____________.

• Question 5 The primary objective of a security awareness program is to _________.

• Question 6 What is a common consequence of failing to adhere to an acceptable use policy (AUP)?

• Question 7 What is a benefit of instructor-led classroom training for security awareness?

• Question 8 Which of the following is generally not a part of a security awareness communications plan?

• Question 9 Which of the following methods is used to track compliance?

• Question 10 Which organization maintains the Common Vulnerabilities and Exposures (CVE) list?

• Question 11 Best practices for IT security policy compliance monitoring include ___________.

• Question 12 Three major components of the ITIL life cycle are service transition, service operation, and service _________.

• Question 13 You want to identify active hosts on a network, detect open ports, and determine the operating system in use on servers. Which is the best tool to use?

• Question 14 Nessus® is a type of _______________.

• Question 15 Your company wants to minimize the risk of its employees sharing confidential company information via e-mail. What is the best tool to use to minimize this risk?

• Question 16 Which organizational committee ensures that an external service provider is meeting the service level agreement (SLA) in the contract?

• Question 17 ___________ is/are key to security policy enforcement.

• Question 18 In a large organization, what is the name of the entity that reviews technology activity and provides approvals before a project or activity can proceed to the next stage?

• Question 19 When monitoring an employee’s Internet use, which of the following can potentially violate an employee’s rights?

• Question 20 What is the name of a common control that is used across a significant population of systems, applications, and operations?

• Question 21 Which of the following is a manual control for enforcing security policies? Before an incident can be declared, the IRT must develop an incident ________ for incident response.

• Question 22 During which phase of incident response do IRT members study the attack and develop recommendations to prevent similar attacks in the future?

• Question 23 During which phase of incident response do IRT members recover from the attack and resume operations?

• Question 24 During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 25 During which phase of incident response do IRT members stop the attack and gather evidence?

• Question 26 Triage is performed during which phase of incident response?

• Question 27 According to the Payment Card Industry Data Security Standard (PCI DSS), what is classified as an incident?

• Question 28 When analyzing an IT incident, which of the following is not something you need to identify?

• Question 29 When reporting an incident, the IRT team must first classify the _________ of the incident.

• Question 30 A System Use Notification standard describes the on-screen display of system notification messages, such as a legal notice that the user is accessing a protected system. With which IT domain is this standard primarily associated?

• Question 31 A LAN Domain policy would include guidelines for which of the following?

• Question 32 A Separation of Environments standard establishes the need to separate the development environment from the production environment. With which IT domain is this standard primarily associated?

• Question 33 A User Internet Proxy standard and a Content-Blocking Tools Configuration standard would be associated primarily with which IT domain?

• Question 34 Baseline standards for the LAN Domain would include ____________.

• Question 35 Which of the following documents describes core control requirements for framework policies?

• Question 36 A PKI uses public and private ______ for the secure exchange of information.

• Question 37 When classifying documents in a business, the data owner must strike a balance between protection and _____________.

• Question 38 Which U.S. military data classification refers to data that the unauthorized disclosure of which would reasonably be expected to cause serious damage to national security?

• Question 39 In a business classification scheme, which classification refers to routine communications within the organization?

• Question 40 Before a BCP can be completed, a(n) _________ must first be completed and agreed upon by all the key departments within the organization.

• Question 41 Regarding data classification, what does “declassification” mean?

• Question 42 Which U.S. government data classification refers to confidential data that’s not subject to release under the Freedom of Information Act?

• Question 43 What is a security benefit of routinely deleting electronic documents that are no longer required for legal or business reasons?

• Question 44 Which of the following is not a primary reason a business classifies data?

• Question 45 Pam receives an offensive joke via e-mail from Larry, a co-worker. Which of the following helps Pam know the correct actions to take?

• Question 46 Which of the following is generally not true of contractor workers?

• Question 47 What is an example of “hardening”?

• Question 48 Who is most likely to have the least amount of security awareness about your organization?

• Question 49 Who evaluates an organization’s technology controls and risks for compliance with internal security policies or regulations?

• Question 50 Which type of agreement would you have a contract system administrator (temporary worker) sign?

CIS 462 Midterm Exam Updated

Check this A+ tutorial guideline at

http://www.homeworkrank.com/cis-462-strayer/cis-462-midterm-exam-updated

(1) The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?

(2) Which of the following is not one of the four domains of the COBIT framework for ISS management?

(3) What is the primary goal of business process reengineering?

(4) Passwords and biometrics are most closely associated with which of the following?

(5) What does COBIT stand for?

(6) Which of the following is optional, and sets the parameters within which the others can be used?

(7) Which of the following is not true of segmented networks?

(8) You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?

(9) A policy that addresses the use of personal mobile devices, such as a smartphone, to access an internal business network is an issue of which IT domain?

(10) After entering your user name and password, you enter a number displayed on a security token to gain access to your company’s network. Which type of authentication method does the security token represent?

(11) In the Workstation Domain, ____________ is the best method of reducing the risk of information leakage.

(12) Authentication and encryption of intranet traffic is a _______ Domain issue.

(13) __________ is the ability to reasonably ensure conformity and adherence to both internal and external policies, standards, procedures, laws, and regulations.

(14) What is included in an IT policy framework?

(15) Incident reporting, incident management, and user ID addition/removal are examples of which of the following?

(16) Which of the following are written instructions on how to comply with standards?

(17) What is something you can measure against to demonstrate value, such as gauging if you’ve reasonably covered risks in your organization?

(18) Which personality type tends to be best suited for delivering security awareness training?

(19) In Kotter’s change model, which step is generally part of informal discussions rather than part of the formal implementation process?

(20) A primary reason why security policies often fail is ___________.

(21) Which of the following is not true of security policy enforcement?

(22) In Kotter’s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?

(23) Which personality type tends to be associated with good leaders?

(24) The basic elements of motivation include pride, success, and __________.

(25) Disaster recovery and tape backups are examples of which type of security control?

(26) What is the primary role of a security policy evangelist?

(27) Before you begin security policy awareness training, what is the first step you should take to help ensure success?

(28) Which of the following is not a security awareness training best practice?

(29) When publishing an internal security policy or standard, which role or department usually gives final approval?

(30) One of the key factors of a successful implementation of an organization-wide security policy is _______________.

(31) A business _______ emerges when an organization cannot meet its obligation or duty.

(32) Which of the following is a physical control?

(33) What does “tone at the top” refer to?

(34) Which of the following is not a typical method of protecting intellectual property (IP)?

(35) A procedure for cleaning a virus from a system is an example of which type of security control?

(36) An organization’s security awareness program is an example of which type of security control?

(37) Which of the following is a key measurement of an organization’s risk appetite?

(38) The core requirement of an automated IT security control library is that the information is ________.

(39) Who is responsible for executing policies and procedures, such as backup and versioning?

(40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?

(41) In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and ______________.

(42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?

(43) ___________ refers to the degree of risk an organization is willing to accept.

(44) To which sector does the Gramm-Leach-Bliley Act apply primarily?

(45) To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?

(46) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?

(47) Which law applies to educational institutions and protects students’ records?

(48) Which of the following is not a key component that must be covered in an organization’s security policy for CIPA compliance?

(49) A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?

(50) Which of the following focuses on the payment card industry?

CIS 462 Midterm Exam Set 2

• Question 1 Who is responsible for data quality within an enterprise?

• Question 2 ___________ refers to the degree of risk an organization is willing to accept.

• Question 3 Which security policy framework, developed by CERT, focuses on information security assessment and planning?

• Question 4 Which IT framework extends the COBIT framework and is a comprehensive risk management approach?

• Question 5 Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?

• Question 6 The core requirement of an automated IT security control library is that the information is ________.

• Question 7 A fundamental component of internal control for high-risk transactions is __________.

• Question 8 An unauthorized user accessed protected network storage and viewed personnel records. What has been lost?

• Question 9 During which phase of the COBIT ISS management life cycle do you review how you are going to manage your IT investment such as contracts, service level agreements (SLAs), and new policy ideas?

• Question 10 Which of the following starts as an industry norm, and over time, becomes the measuring stick by which regulators judge organizations?

• Question 11 Passwords and biometrics are most closely associated with which of the following?

• Question 12 Policies and procedures differ in that policies are ________ and procedures are __________.

• Question 13 Which of the following is optional, and sets the parameters within which the others can be used?

• Question 14 A backup generator is an example of which type of security control?

• Question 15 What does “tone at the top” refer to?

• Question 16 Log monitoring and review is an example of which type of security control?

• Question 17 A(n) _______ is a confirmed event that compromises the confidentiality, integrity, or availability of information.

• Question 18 Which of the following is a physical control?

• Question 19 Which of the following is not a generally accepted principle for implementing a security awareness program?

• Question 20 In which domain is virtual private networking a security control?

• Question 21 You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?

• Question 22 You swipe your finger over your laptop’s fingerprint reader to unlock the computer. Which type of authentication method are you using?

• Question 23 Authentication and encryption of intranet traffic is a _______ Domain issue.

• Question 24 In which IT domain do service level agreements help ensure the reliability and speed of a network connection?

• Question 25 In the Workstation Domain, ____________ is the best method of reducing the risk of information leakage.

• Question 26 In Kotter’s change model, in which step does the ISO tune the message so the value of implementing the policy makes sense?

• Question 27 In Kotter’s change model, which of the following is true as part of Step 1: Create urgency?

• Question 28 In an organization, which of the following roles is responsible for the day-to-day maintenance of data?

• Question 29 The basic elements of motivation include pride, success, and __________.

• Question 30 In Kotter’s change model, in which step does the ISO work with line management to collect metrics for assessing the policies’ effectiveness and ensure metrics are meaningful?

• Question 31 Which personality type tends to be associated with good leaders?

• Question 32 Which of the following is not true of auditors?

• Question 33 To which sector does HIPAA apply primarily?

• Question 34 Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?

• Question 35 Which of the following is not true of the Sarbanes-Oxley Act?

• Question 36 Which of the following is not a key component that must be covered in an organization’s security policy for CIPA compliance?

• Question 37 Which law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?

• Question 38 Which law applies to educational institutions and protects students’ records?

• Question 39 Which of the following focuses on the payment card industry?

• Question 40 Which of the following generally merits a change to a security policy that should be reviewed by a policy change board?

• Question 41 What is a potential disadvantage of using consecutive numbers in a policy library?

• Question 42 Antivirus systems, cryptographic systems, and firewalls are examples of which type of security control?

• Question 43 Which of the following is not a valid reason for using a taxonomy to organize an IT policy library?

• Question 44 Which of the following is generally not an objective of a security policy change board?

• Question 45 Which principle for developing policies, standards, baselines, procedures, and guidelines discusses a series of overlapping layers of controls and countermeasures?

• Question 46 Your organization was awarded a U.S. government contract. You need to ensure your organization adheres to an acceptable IT security framework. Which of the following is the best choice?

• Question 47 Which of the following might specify the proper use of a cutting-edge technology even if the security vulnerabilities are still unknown?

• Question 48 The program framework policy or information security program charter is the ____________ document.

• Question 49 Which of the following is one of the prime objectives of an information security program?

• Question 50 What is included in an IT policy framework?

CIS 462 Week 2 Case Study 1 Acceptable Use Policy Updated

Check this A+ tutorial guideline at

http://www.homeworkrank.com/cis-462-strayer/cis-462-week-2-case-study-1-acceptable-use-policy-updated

Due Week 2 and worth 100 points

An Acceptable Use Policy (AUP) is a very important policy within organizations to define acceptable employee behavior when accessing company resources. Additionally, there are also legal implications within AUPs. Use an existing AUP that you are familiar with, such as from a current or previous workplace, or search on the Internet for an example AUP to complete this case study.

Write a three to five (3-5) page paper in which you:

1. Describe the purpose of an Acceptable Use Policy you have selected and explain how the AUP helps provide confidentiality, integrity, and availability within the organization.

2. Critique the AUP you selected and provide recommendations for improving the AUP.

3. Explain methods that organizations can implement to help ensure compliance with the AUP, mitigate their risk exposure, and minimize liability. Describe how your selected AUP accomplishes these goals.

4. Describe methods for increasing the awareness of the AUP, and other policies, within the organization.

5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Analyze how security policies help mitigate risks and support business processes in various domains in the information technology (IT) infrastructure.

• Describe the different ISS policies associated with the user domain.

• Use technology and information resources to research issues in security strategy and policy formation.

• Describe different issues related to implementing and enforcing ISS policies.

• Write clearly and concisely about Information Systems Security Policy topics using proper writing mechanics and technical style conventions.

CIS 462 Week 4 Assignment 1 IT Security Policy Framework Updated

Check this A+ tutorial guideline at

http://www.homeworkrank.com/cis-462-strayer/cis-462-week-4-assignment-1-it-security-policy-framework-updated

Due Week 4 and worth 100 points

Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. Additionally, there are many security frameworks that organizations commonly reference when developing their security programs. Review the security frameworks provided by NIST (SP 800-53), ISO / IEC 27000 series, and COBIT. Assume that you have been hired as a consultant by a medium-sized insurance organization and have been asked to draft an IT Security Policy Framework.

You may create and / or assume all necessary assumptions needed for the completion of this assignment.

Write a three to five (3-5) page paper in which you:

1. Select a security framework, describe the framework selected, and design an IT Security Policy Framework for the organization.

2. Describe the importance of and method of establishing compliance of IT security controls with U.S. laws and regulations, and how organizations can align their policies and controls with the applicable regulations.

3. Analyze the business challenges within each of the seven (7) domains in developing an effective IT Security Policy Framework.

4. Describe your IT Security Policy Framework implementation issues and challenges and provide recommendations for overcoming these implementation issues and challenges.

5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Identify the role of an information systems security (ISS) policy framework in overcoming business challenges.

• Use technology and information resources to research issues in security strategy and policy formation.

• Design a security policy framework.

• Write clearly and concisely about Information Systems Security Policy topics using proper writing mechanics and technical style conventions.

CIS 462 Week 6 Case Study 2 SCADA Worm Updated

Check this A+ tutorial guideline at

http://www.homeworkrank.com/cis-462-strayer/cis-462-week-6-case-study-2-scada-worm-updated

Due Week 6 and worth 100 points

Protecting the nation’s critical infrastructure is a major security challenge within the U.S. Likewise, the responsibility for protecting the nation’s critical infrastructure encompasses all sectors of government, including private sector cooperation. Search on the Internet for information on the SCADA Worm, such as the article located at http://www.theregister.co.uk/2010/09/22/stuxnet_worm_weapon/.

Write a three to five (3-5) page paper in which you:

1. Describe the impact and the vulnerability of the SCADA / Stuxnet Worm on the critical infrastructure of the United States.

2. Describe the methods to mitigate the vulnerabilities, as they relate to the seven (7) domains.

3. Assess the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure.

4. Assess the elements of an effective IT Security Policy Framework, and how these elements, if properly implemented, could prevent or mitigate an attack similar to the SCADA / Stuxnet Worm.

5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Identify the role of an information systems security (ISS) policy framework in overcoming business challenges.

• Compare and contrast the different methods, roles, responsibilities, and accountabilities of personnel, along with the governance and compliance of security policy framework.

• Describe the different ISS policies associated with the user domain.

• Use technology and information resources to research issues in security strategy and policy formation.

• Analyze the different ISS policies associated with the IT infrastructure.

• Write clearly and concisely about Information Systems Security Policy topics using proper writing mechanics and technical style conventions.

CIS 462 Week 8 Assignment 2 Business Impact Analysis Updated


Due Week 8 and worth 100 points

In order for an organization to develop an effective business continuity plan or disaster recovery plan, it must know what information assets it has, their impact on business operations, and the criticality and priorities associated with the information systems and assets. The primary objective of a business impact analysis (BIA) is to identify the assets that are required for continued business operations in the event of an incident or disaster. Thus, a critical step in the development of an effective BIA includes establishing component priorities and determining component reliance and dependencies. Additionally, organizational personnel must know their responsibilities during recovery efforts.

Write a three to five (3-5) page paper in which you:

1. Describe the methods for establishing component priorities, including:

   1. Business functions and processes

   2. BIA scenarios and components

   3. Financial and service impact of components not being available

   4. Recovery time frameworks

2. Describe the methods for determining component reliance and dependencies, including:

   1. Component dependencies

   2. Resources required to recover component in the event of failure

   3. Human assets needed to recover components

3. Provide recommendations for the development of the BIA, management and other personnel responsibilities, and educating company personnel that would be involved in the recovery efforts.

4. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

• Describe the different ISS policies associated with risk management.

• Use technology and information resources to research issues in security strategy and policy formation.

• Write clearly and concisely about Information Systems Security Policy topics using proper writing mechanics and technical style conventions.

CIS 462 Week 10 Term Paper Disaster Recovery Plan Updated


Due Week 10 and worth 200 points

This assignment consists of two (2) parts: a written paper and a PowerPoint presentation. You must submit both parts as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.

In recent years, organizations have witnessed the impact of having effective and non-effective business continuity plans and disaster recovery plans. In today’s environment, with significant potential natural disasters, terrorist threats, and other man-made threats, it is critical that organizations develop effective business continuity plans and disaster recovery plans. Select an organization that you are familiar with, such as where you currently or previously have worked, contact a local organization, or search on the Internet for the needed detail of an organization you are interested in. Prepare a disaster recovery plan policy for that organization.

Part 1: Written Paper

Write a six to eight (6-8) page paper in which you:

1. Provide an overview of the organization that will be delivered to senior management, defining the business goals and objectives and the size, layout, and structure of the organization.

2. Include a diagram of the organization’s network architecture and the proposed network architecture of an alternate computing facility in the event of a disaster (or the actual network architecture of the alternate computing facility if one already exists) through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.

3. Develop the DRP Policy, including:

   1. Disaster declaration

   2. Assessment of security

   3. Potential disaster scenarios and methods of dealing with the disaster

   4. Disaster recovery procedures

4. Develop an Incident Response Team (IRT) charter, which includes the following sections:

   1. Executive summary

   2. Mission statement

   3. Incident declaration

   4. Organizational structure

   5. Roles and responsibilities

   6. Information flow and methods of communication

   7. Methods and services provided by the IRT

   8. Authority and reporting procedures

Your assignment must follow these formatting requirements:

• Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

• Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

• Include charts or diagrams created in MS Visio or Dia as an appendix of the infrastructure document. All references to these diagrams must be included in the body of the infrastructure document.

Part 2: PowerPoint Presentation

Use Microsoft PowerPoint to:

1. Create a twelve to fourteen (12-14) slide presentation that will be presented to the agency’s management, in which you:

   1. Summarize the elements of the DRP Policy and IRT Charter, covering the main elements from Steps 3 and 4 above.

   2. Include an introduction and conclusion slide.

The specific course learning outcomes associated with this assignment are:

• Describe the different ISS policies associated with risk management.

• Use technology and information resources to research issues in security strategy and policy formation.

• Compare and contrast the different ISS policies associated with incident response teams (IRT).

• Write clearly and concisely about Information Systems Security Policy topics using proper writing mechanics and technical style conventions.