DeVry SEC 591 Full Course Latest






Week 1 discussion

DQ1 Assessing risk using the TAM

What is a risk assessment? How does the threat assessment model (TAM) relate to Risk Assessment activities? Why do you believe it is useful to help define these terms for analytical evaluations?

DQ2 The rationale for contingency planning

What is the relationship between technology and competitive advantage in today’s economy? Why is it so important to consider IT risk management, disaster recovery, and contingency planning?

Week 2 discussion

DQ1 The Value of the BIA

In the context of Risk Assessment (RA), what is the value of a Business Impact Analysis (BIA)? How is the RA process related to the BIA process?

DQ2 The Contingency Plan Coordinator

What is the role of the Contingency Plan Coordinator (CPC) in the scope of preparing a BIA? Should the CPC develop the BIA on their own? What is the risk of not involving the business and IT stakeholders? Who should they involve and why?

Week 3 discussion

DQ1 Recovery Strategy

Recovery Strategies (RS) are used to respond to business impacts outlined in the BIA. What considerations should be in place in addition to the BIA? Should the CPC be factored in to the strategy? How does leadership reflect upon the Recovery Strategy?

DQ2 Data Backup Strategies

Data backups are critical to long-term business continuity. What would you consider to be core strategies related to data backup? How should backup, fault tolerance, and redundancy technologies be used in concert to guarantee the CIA of the information system?

Week 4 discussion

DQ1 Should We Disrupt Operations to Test?

Section 3.5 of the SP800-34-rev1 discusses the importance of testing, classroom, and functional exercises; this week in lecture we touched on the various types of testing that DRPs undergo. How much testing is appropriate? How is success measured?

DQ2 Auditing the DRP to Standards

Evaluate the following documents:

  1. AIRMIC ERM & ISO31000 (ERM ISO31000); note this site requires an e-mail address to obtain the document for personal use only, so this reference is optional.
  2. ISO 17799 Security Standard
  3. NIST 800-34 rev1

How could a firm use each of these standards? Are they redundant? Do they serve separate purposes? Which would you be likely to deploy or use, and why? Are there other standards or sources of information that would be useful?

Week 5 discussion

DQ1 Scaling Storage

Let’s discuss some of the risks and advantages associated with virtualization, NAS, and SAN. Transitioning from client/server to data center architecture, these concepts are discussed in NIST SP800-34 Section 5, and may be easily found on the Web. Is there a barrier to entry? What is the difference between file-oriented storage and transaction-oriented storage? What are the pros and cons of each technology and where is their sweet spot? Is there a cost barrier? Within the scope of this discussion, we’ll also talk about encapsulating SCSI protocol in TCP/IP (iSCSI) and other forms of network storage. How does scaling our storage architecture relate to Risk Management/Contingency Planning?

DQ2 Scaling and Recovering the WAN

SONET, ISDN, Frame Relay, ATM – all of these are wide area protocol examples that are traditionally associated with leased circuits, which can include ISDN BRI/PRI; DS-x – T1, T2, and T3; or Optical Carrier circuits (OC). These concepts are explored briefly in the NIST SP800-34 Section 5, but you can easily find more information on the Web. In a disaster recovery situation, what is the benefit of a leased circuit over an open or virtual circuit? Can you exploit a connection to an ISP?

These days, some firms are forgoing the expense of a private leased WAN in favor of a public vWAN. What challenges do you foresee guaranteeing CIA over the WAN function with this approach? How does managing the WAN relate to contingency planning?

Week 6 discussion

DQ1 Crisis Communication of Giuliani & Nagin

Research Rudolph Giuliani and C. Ray Nagin in the context of both their disasters that happened while holding the Office of the Mayor for New York City and New Orleans, respectively: 9/11 and Hurricane Katrina. Compare and contrast these two subjects given their communication to the public both during and after the disaster. What was different? How does controlled crisis communication affect DRP execution?

DQ2 Crisis Communication Plan (graded)

What is the role of the Crisis Communication Plan (CCP) in the NIST SP800-34 Framework? Does a CCP differ from a press release? If so, how? Are shareholder or consumer or employee or public perceptions about your handling of a disaster important? What happens if the CCP is bad or does not exist at all?

Week 7 discussion

DQ1 Securing a crime scene

Examine the “five steps” to the evidentiary process if the incident caused a severe outage. How does this process go against the grain of the impulse of the IT Manager or Contingency Plan Coordinator? How does the Cyber Incident Response Plan (CIRP, NIST SP800-34) address this problem?

DQ2 Understanding the exceptions

Review the U.S. Department of Justice document explaining the Fourth Amendment protections in context of preparing electronic evidence. What are some noteworthy issues, recommendations, observations, or comments you have regarding these exceptions?

Week 3 quiz

Question 1. Who are key participants in the BIA?


Business Leadership and Stakeholders

IT Managers and Facilities Manager

Chief Legal Officer, Internal Audit, and the CIO

Question 2. According to Toigo, what is the purpose of the Criticality Spectrum?

Question 3. According to Toigo, what are the two basic operations of Risk Analysis?

Meetings and paperwork

Data collection and analysis

Review and publication

Study and review

Question 4. What are the five goals of conducting a BIA? Identify each of them and describe their importance.

Week 6 quiz

Question 1. Why is a virtual circuit considered risky?

  a. The capacity is restricted by the telecom provider.
  b. It may not have the reliability and bandwidth of a leased circuit and its SLA.
  c. The technology is too new to be reliable.
  d. The circuit is only a simulation of a leased line.

Question 2. Define MTBF and its relationship to contingency planning activities.

Question 3. During a crisis, managing perceptions is very important. Discuss the NIST SP800-34 view of the CCP.

Question 4. When a DRP is activated after a “disaster” is declared, there are at least four processes that need to begin. List four of the initial processes and describe the function of each.

Week 4 course project

Project Deliverable #1 (Due Week 4) – TCOs B and C

Using the Omega Case Study, complete the BIA template for their SAP system. Note, the BIA template is appendix B of the NIST SP 800-34 rev 1 document.

Provide a one to two page analysis summarizing the results to the executive management team of Omega. The summary should highlight the priority of business functions, along with the potential for loss in the event of a disaster or sustained outage.

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

Week 7 course project

Project Deliverable #2 (Due Week 7) – TCO D

Using the Omega Case Study, complete the Information System Contingency Plan template for their SAP system. Note, the ISCP template is appendix A.3 of the NIST SP 800-34 rev 1 document.

Provide a three to five page analysis summarizing the plan to the executive management team of Omega. The summary should effectively describe the recovery process in a manner that will allow the Senior Leadership to understand the timing, resources, and recovery options.

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

