Page 1

CIS 359 Final Exam Set 1

For more classes visit www.snaptutorial.com CIS 359 Final Exam Set 1 • Question 1 ____ are likely in the event of a hacker attack, when the attacker retreats to a chat room and describes in specific detail to his or her associates the method and results of his or her latest conquest. • Question 2 Contingency strategies for ____ should emphasize the need for absolutely reliable data backup and recovery procedures because they have less inherent redundancy than a distributed architecture. • Question 3 A ____ is a description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization’s actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster. • Question 4


The primary vehicle for articulating the purpose of a disaster recovery program is the ____. • Question 5 The ____ assembles a disaster recovery team. • Question 6 A ____ is a collection of nodes in which the segments are geographically dispersed and the physical link is often a data communications channel provided by a public carrier. • Question 7 Deciding which technical contingency strategies are selected, developed, and implemented is most often based on the type of ____ being used.

• Question 8

____ are highly probable when infected machines are brought back online or when other infected computers that may have been offline at the time of the attack are brought back up.

• Question 9 A(n) ____ occurs when a situation results in service disruptions for weeks or months, requiring a government to declare a state of emergency.


• Question 10

The ____ team is responsible for providing the initial assessments of the extent of damage to equipment and systems on-site and/or for physically recovering the equipment to be transported to a location where the other teams can evaluate it.

• Question 11

During the ____ phase, the organization begins the recovery of the most time-critical business functions - those necessary to reestablish business operations and prevent further economic and image loss to the organization.

• Question 12

In the context of disaster notification, the ____ is a scripted description of the disaster and consists of just enough information so that each response knows what port of the DR plan to implement.


• Question 13 The ____ team is responsible for working with the remainder of the organization to assist in the recovery of nontechnology functions.

• Question 14

The ____ involves providing copies of the DR plan to all teams and team members for review.

• Question 15

____ is the inclusion of action steps to minimize the damage associated with the disaster on the operations of the organization.

• Question 16


The ____ team is primarily responsible for data restoration and recovery.

• Question 17

In the ____ phase of the BC plan, the organization specifies what type of relocation services are desired and what type of data management strategies are deployed to support relocation.

• Question 18

The ____ is the amount of time that a business can tolerate losing capabilities until alternate capabilities are available.

• Question 19

The ____ is the point in the past to which the recovered applications and data at the alternate infrastructure will be restored.


• Question 20

The plan maintenance schedule in a BC policy statement should address the ____ of reviews, along with who will be involved in each review.

• Question 21

The ____ section of the business continuity policy provides an overview of the information storage and retrieval plans of the organization.

• Question 22

In the ____ section of the business continuity policy, the training requirements for the various employee groups are defined and highlighted.

• Question 23

____ planning represents the final response of the organization when faced with any interruption of its critical operations.


• Question 24

What phase of the BC plan specifies under what conditions and how the organization relocates from the primary to the alternate site?

• Question 25

The CM ____ is responsible for overseeing the actions of the crisis management team and coordinating all crisis management efforts in cooperation with disaster recovery and/or business continuity planning, on an as-needed basis.

• Question 26

____ is the process of ensuring that every employee is trained to perform at least part of the job of another employee.


• Question 27

____ is the movement of employees from one position to another so they can develop additional skills and abilities.

• Question 28

In contrast to emergency response that focuses on the immediate safety of those affected, ____ addresses the services needed to get the organization and its stakeholders back to original levels of productivity or satisfaction.

• Question 29

____ are those steps taken to inform stakeholders regarding the timeline of events, the actions taken, and sometimes the reasons for those actions.

• Question 30


A(n) ____ is created to enable management to gain and maintain control of ongoing emergency situations, to provide oversight and control to designated first responders, and to marshal IR, DR, and DC plans and resources as needed.

• Question 31

A ____ is defined by the ICM as a disruption in the company’s business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.

• Question 32

Cross-training provides a mechanism to get everyone out of the crime scene and thus prevent contamination of possible evidentiary material.

• Question 33

The ____ handles computer crimes that are categorized as felonies.


• Question 34

The forensic tool ____ does extensive pre-processing of evidence items that recovers deleted files and extracts e-mail messages.

• Question 35

____ is used both for intrusion analysis and as part of evidence collection and analysis.

• Question 36

____ is the determination of the initial flaw or vulnerability that allowed an incident to occur.

• Question 37

Most digital forensic teams have a prepacked field kit, also known as a(n) ____.


• Question 38

Many private sector organizations require a formal statement, called a(n) ____, which provides search authorization and furnishes much of the same information usually found in a public sector search warrant.

• Question 39

One way to identify a particular digital item (collection of bits) is by means of a(n) ____.

• Question 40

The ____ phase of forensic analysis involves the use of forensic tools to recover the content of files that were deleted, operating system artifacts (such as event data and logging of user actions), and other relevant facts.

• Question 41

Because it is possible for investigators to confuse the suspect and destination disks when performing imaging, and to preclude any grounds for challenging the image output, it is common practice to protect the suspect media using a ____.


• Question 42

If a user receives a message whose tone and terminology seems intended to invoke a panic or sense of urgency, it may be a(n) ____.

• Question 43

When an incident includes a breach of physical security, all aspects of physical security should be escalated under a containment strategy known as ____.

• Question 44

Clifford Stoll’s book, ____, provides an excellent story about a realworld incident that turned into an international tale of espionage and intrigue.

• Question 45

There are a number of professional IR agencies, such as ____, that can provide additional resources to help prevent and detect DoS incidents.


• Question 46

The CSIRT may not wish to “tip off” attackers that they have been detected, especially if the organization is following a(n) ____ approach.

• Question 47

Which of the following is the most suitable as a response strategy for malware outbreaks?

• Question 48 Essentially a DoS attack, a ____ is a message aimed at causing organizational users to waste time reacting to a nonexistent malware threat.

• Question 49 According to NIST, which of the following is an example of a UA attack?

• Question 50 ____ is a common indicator of a DoS attack.


********************************************************

CIS 359 Midterm Exam Set 1

For more classes visit www.snaptutorial.com CIS 359 Midterm Exam Set 1

Question 1

A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.


Question 2

The first group to communicate the CSIRT’s vision and operational plan is the managerial team or individual serving as the ____.

Question 3

Those services performed in response to a request or a defined event such as a help desk alert are called ____.

Question 4


One way to build and maintain staff skills is to develop incidenthandling ____ and have the team members discuss how they would handle them.

Question 5

Giving the IR team the responsibility for ____ is generally not recommended.

Question 6


When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

Question 7

The focus during a(n) ____ is on learning what worked, what didn’t, and where communications and response procedures may have failed.

Question 8

Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called ____.


Question 9

____ are closely monitored network decoys serving that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

Question 10

Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.


Question 11

In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.

Question 12

The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.


Question 13

The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.

Question 14

A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

Question 15


The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications.

Question 16

A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

Question 17


A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

Question 18

A potential disadvantage of a ____ site-resumption strategy is that more than one organization might need the facility simultaneously.

Question 19

An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.


Question 20

A(n) ____ is an extension of an organization’s intranet into cloud computing.

Question 21

A ____ is a synonym for a virtualization application.

Question 22


____ uses a number of hard drives to store information across multiple drive units.

Question 23

A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.

Question 24


Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.

Question 25

The ____ is used to collect information directly from the end users and business managers.

Question 26

The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.


Question 27

To a large extent, incident response capabilities are part of a normal IT budget. The only area in which additional budgeting is absolutely required for incident response is the maintenance of ____.

Question 28

An manual alternative to the normal way of accomplishing an IT task might be employed in the event that IT is unavailable. This is called a ____.


Question 29

What is a common approach used in the discipline of systems analysis and design to understand the ways systems operate and to chart process flows and interdependency studies?

Question 30

Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

Question 31


The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.

Question 32

The final component to the CPMT planning process is to deal with ____.

Question 33


The ____ job functions and organizational roles focus on protecting the organization’s information systems and stored information from attacks.

Question 34

A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

Question 35

Incident analysis resources include network diagrams and lists of ____, such as database servers.


Question 36

The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

Question 37

A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.


Question 38

____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.

Question 39

A favorite pastime of information security professionals is ____, which is a simulation of attack and defense activities using realistic networks and information systems.

Question 40


Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

Question 41

General users require training on the technical details of how to do their jobs securely, including good security practices, ____ management, specialized access controls, and violation reporting.

Question 42


The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.

Question 43

____ assigns a risk rating or score to each information asset. Although this number does not mean anything in absolute terms, it is useful in gauging the relative risk to each vulnerable information asset and facilitates the development of comparative ratings later in the risk control process.

Question 44


A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.

Question 45

A(n) ____ is any clearly identified attack on the organization’s information assets that would threaten the assets’ confidentiality, integrity, or availability.

Question 46


A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.

Question 47

A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.

Question 48

A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of information and information assets in an organization; it is also used to restore the organization to normal modes of business operations;


Question 49

Information assets have ____ when they are not exposed (while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic states.

Question 50

____ hack systems to conduct terrorist activities through network or Internet pathways.

********************************************************


CIS 359 Midterm Exam Set 2

For more classes visit www.snaptutorial.com 1. One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.

2. A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

3. ____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.

4. The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an existing network infrastructure. Unlike “capture-the-flag � exercises, this competition is exclusively a real-world ____ competition.


5. Should an incident begin to escalate, the CSIRT team leader continues to add resources and skill sets as necessary to attempt to contain and terminate the incident. The resulting team is called the ____ for this particular incident.

6. A(n) ____ is a CSIRT team member, other than the team leader, who is currently performing the responsibilities of the team leader in scanning the organization’s information infrastructure for signs of an incident.

7. The training delivery method with the lowest cost to the organization is ____.

8. The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

9. A(n) ____ is an object, person, or other entity that is a potential risk of loss to an asset.

10. A(n) ____ is used to anticipate, react to, and recover from events that threaten the security of information and information assets in an organization; it is also used to restore the organization to normal modes of business operations;


11. A ____ is a document that describes how, in the event of a disaster, critical business functions continue at an alternate location while the organization recovers its ability to function at the primary site.

12. ____ hack systems to conduct terrorist activities through network or Internet pathways.

13. ____ is the risk control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.

14. ____ ensures that only those with the rights and privileges to access information are able to do so.

15. ____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.

16. A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down.

17. Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction.


18. The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.

19. The ____ job functions and organizational roles focus on protecting the organization’s information systems and stored information from attacks.

20. The ____ is the point in time by which systems and data must be recovered after an outage as determined by the business unit.

21. Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.

22. The ____ is used to collect information directly from the end users and business managers.

23. The final component to the CPMT planning process is to deal with ____.

24. The last stage of a business impact analysis is prioritizing the resources associated with the ____, which brings a better understanding of what must be recovered first.


25. The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.

26. The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.

27. A(n) ____ is an extension of an organization’s intranet into cloud computing.

28. A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.

29. A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

30. A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

31. An organization aggregates all local backups to a central repository and then backs up that repository to an online vendor, with a ____ backup strategy.


32. A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.

33. A potential disadvantage of a ____ site-resumption strategy is that more than one organization might need the facility simultaneously.

34. Some recovery strategies seek to improve the ____ of a server or system in addition to, or instead of, performing backups of data.

35. RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.

36. The determination of what systems fall under the CSIRT ’s responsibility is called its ____.

37. Those services performed in response to a request or a defined event such as a help desk alert are called ____.

38. In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service.


39. When an organization completely outsources its IR work, typically to an on-site contractor, it is called a(n) ____ model.

40. The champion for the CSIRT may be the same person as the champion for the entire IR function—typically, the ____.

41. A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____.

42. The announcement of an operational CSIRT should minimally include ____.

43. A key step in the ____ approach to incident response is to discover the identify of the intruder while documenting his or her activity.

44. Using a process known as ____, network-based IDPSs look for attack patterns by comparing measured activity to known signatures in their knowledge base to determine whether or not an attack has occurred or may be under way.

45. The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications.


46. The ____ approach for detecting intrusions is based on the frequency with which certain network activities take place.

47. A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.

48. ____ are closely monitored network decoys serving that can distract adversaries from more valuable machines on a network; can provide early warning about new attack and exploitation trends; and can allow in-depth examination of adversaries during and after exploitation.

49. In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.

A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.

********************************************************

CIS 359 Midterm Exam Set 3


For more classes visit www.snaptutorial.com CIS 359 Midterm Exam Set 3

•

Question 1

When using virtualization, it is commonplace to use the term ____ to refer to a virtualized environment operating in or on a host platform.


Question 2

A(n) ____ backup only archives the files that have been modified since the last backup.

Question 3

A(n) ____ is an extension of an organization’s intranet into cloud computing.

Question 4


RAID 0 creates one logical volume across several available hard disk drives and stores the data using ____, in which data segments are written in turn to each disk drive in the array.

•

Question 5

A ____ is commonly a single device or server that attaches to a network and uses TCP/IP-based protocols and communications methods to provide an online storage environment.

•

Question 6


A ____ is an agency that provides physical facilities in the event of a disaster for a fee.

Question 7

A(n) ____ is often included in legal documents to ensure that a vendor is not liable for actions taken by a client.

Question 8

A resumption location known as a ____ is a fully configured computer facility capable of establishing operations at a moment’s notice.


Question 9

A ____ is a contractual document guaranteeing certain minimal levels of service provided by a vendor.

Question 10

The responsibility for creating an organization’s IR plan often falls to the ____.

Question 11


____ is the process of systematically examining information assets for evidentiary material that can provide insight into how an incident transpired.

•

Question 12

Incident analysis resources include network diagrams and lists of ____, such as database servers.

•

Question 13


One of the primary responsibilities of the IRP team is to ensure that the ____ is prepared to respond to each incident it may face.

•

Question 14

A(n) ____ is a detailed examination of the events that occurred, from first detection of an incident to final recovery.

•

Question 15

The Southeast Collegiate Cyber Defense Competition is unique in that it focuses on the operational aspect of managing and protecting an


existing network infrastructure. Unlike “capture-the-flag ” exercises, this competition is exclusively a real-world ____ competition.

Question 16

The U.S. National Institute of Standards and Technology recommends a set of tools for the CSIRT including incident reporting mechanisms with which users can report suspected incidents. At least one of these mechanisms should permit people to report incidents ____.

Question 17

The training delivery method with the lowest cost to the organization is ____.


•

Question 18

A(n) ____ is the set of rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.

•

Question 19

A(n) ____ is any system resource that is placed onto a functional system but has no normal use for that system. If it attracts attention, it is from unauthorized access and will trigger a notification or response.


•

Question 20

The use of IDPS sensors and analysis systems can be quite complex. One very common approach is to use an open source software program called ____ running on an open source UNIX or Linux system that can be managed and queried from a desktop computer using a client interface.

•

Question 21

A(n) ____ , a type of IDPS that is similar to the NIDPS, reviews the log files generated by servers, network devices, and even other IDPSs.


Question 22

New systems can respond to an incident threat autonomously, based on preconfigured options that go beyond simple defensive actions usually associated with IDPS and IPS systems. These systems, referred to as ____, use a combination of resources to detect an intrusion and then to trace the intrusion back to its source.

Question 23

The ____ is a federal law that creates a general prohibition on the realtime monitoring of traffic data relating to communications.

Question 24


In an attack known as ____, valid protocol packets exploit poorly configured DNS servers to inject false information to corrupt the servers’ answers to routine DNS queries from other systems on that network.

Question 25

The purpose of the ____ is to define the scope of the CP operations and establish managerial intent with regard to timetables for response to incidents, recovery from disasters, and reestablishment of operations for continuity.

Question 26


The first major business impact analysis task is to analyze and prioritize the organization’s business processes based on their relationships to the organization’s ____.

Question 27

The ____ is an investigation and assessment of the impact that various events or incidents can have on the organization.

Question 28


One modeling technique drawn from systems analysis and design that can provide an excellent way to illustrate how a business functions is a(n) ____.:

•

Question 29

The ____ is used to collect information directly from the end users and business managers.

•

Question 30

The ____ job functions and organizational roles focus on costs of system creation and operation, ease of use for system users, timeliness of system creation, and transaction response time.


•

Question 31

Which of the following collects and provides reports on failed login attempts, probes, scans, denial-of-service attacks, and detected malware?

•

Question 32

Within an organization, a(n) ____ is a group of individuals who are united by shared interests or values and who have a common goal of making the organization function to meet its objectives.


•

Question 33

The elements required to begin the ____ process are a planning methodology; a policy environment to enable the planning process; an understanding of the causes and effects of core precursor activities, and access to financial and other resources.

•

Question 34

____ is a risk control approach that attempts to shift the risk to other assets, other processes, or other organizations.

•

Question 35


A ____ deals with the preparation for and recovery from a disaster, whether natural or man-made.

•

Question 36

The term ____ refers to a broad category of electronic and human activities in which an unauthorized individual gains access to the information an organization is trying to protect.

•

Question 37


____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.

Question 38

A(n) ____ is an investigation and assessment of the impact that various attacks can have on the organization. •

Question 39

A ____ attack seeks to deny legitimate users access to services by either tying up a server’s available resources or causing it to shut down. •

Question 40

Information assets have ____ when authorized users - persons or computer systems - are able to access them in the specified format without interference or obstruction. •

Question 41

The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.


Question 42

____ is the process of examining, documenting, and assessing the security posture of an organization’s information technology and the risks it faces. •

Question 43

A CSIRT model that is effective for large organizations and for organizations with major computing resources at distant locations is the ____. •

Question 44

The CSIRT should be available for contact by anyone who discovers or suspects that an incident involving the organization has occurred. Some organizations prefer that employees contact a ____, which then makes the determination as to whether to contact the CSIRT or not. •

Question 45

Those services undertaken to prepare the organization or the CSIRT constituents to protect and secure systems in anticipation of problems, attacks, or other events are called ____. •

Question 46

The ____ flow of information needed from the CSIRT to organizational and IT/InfoSec management is a critical communication requirement. •

Question 47

The champion for the CSIRT may be the same person as the champion for the entire IR function—typically, the ____. •

Question 48


A key step in the ____ approach to incident response is to discover the identify of the intruder while documenting his or her activity. •

Question 49

In the absence of the assigned team manager, the ____ should assume authority for overseeing and evaluating a provided service. •

Question 50

Giving the IR team the responsibility for ____ is generally not recommended.

********************************************************

CIS 359 Week 1 Discussion

For more classes visit www.snaptutorial.com From the e-Activity, explain in your own words what you believe CP attempts to provide for an organization, and describe what you believe is the most important CP consideration for an organization. Provide a rationale for your answer. Consider an organization in a specific industry (e.g., healthcare, financial, etc.), and discuss the potential shortcomings and


repercussions if an organization in this sector neglected to participate in contingency planning efforts. Provide two real-world examples (successes and / or failures) to justify your answer.

********************************************************

CIS 359 Week 2 Assignment 1 Continuity Planning Overview

For more classes visit www.snaptutorial.com Assignment 1: Continuity Planning Overview Due Week 2 and worth 75 points

Suppose you were recently hired for a new initiative as a business continuity lead / manager at a medium-sized healthcare company. You have been asked to prepare a presentation to the Board of Directors on your main duties for the company and how your position could help protect the business in case of a large-scale incident or disaster. You have been alerted that since this is a new initiative and could come with a potentially large price tag, there is skepticism from some of the Board members.


Write a three to four (3-4) page paper in which you: 1. Explain the basic primary tasks, ongoing evaluations, and major policy and procedural changes that would be needed to perform as the BC lead / manager. 2. Provide insight on how to plan the presentation to garner management and Board buy-in for those who are skeptical. 3. Discuss the first four (4) high-level activities that would be necessary in starting this initiative in the right direction and describe the potential pitfalls of each. 4. Speculate on the most comprehensive and / or critical challenge(s) in the infancy of this initiative and explain how to overcome that challenge(s). 5. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. • Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.


The specific course learning outcomes associated with this assignment are: • Compare and contrast the methods of disaster recovery and business continuity. • Explain risk management in the context of information security. • Use technology and information resources to research issues in disaster recovery. • Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

********************************************************

CIS 359 Week 3 Case Study 1: Stuxnet and U.S. Incident Response

For more classes visit www.snaptutorial.com Case Study 1: Stuxnet and U.S. Incident Response


Due Week 3 and worth 100 points Read the article titled “When Stuxnet Hit the Homeland: Government Response to the Rescue,” from ABC News, located athttp://abcnews.go.com/blogs/headlines/2012/06/when-stuxnet-hit-thehomeland-government-response-to-the-rescue/ and consider this threat in terms of incident response and recovery procedures. Write a three to four (3-4) page paper in which you:

Explain the role of US-CERT in protecting the nation’s industrial systems and analyze its efforts in relation to preparedness and incident and recovery management. Discuss the efforts of ICS-CERT specifically to the Stuxnet threat and examine its incident response efforts to mitigate this risk against U.S. industrial systems. With the sophistication of the primary sites of industrial system implementations, determine whether or not alternate sites (e.g., hot site) are feasible for organizations that utilize ICS technologies. Provide a rationale. Explain the high-level planning needed for an industrial systems organization that utilizes ICS technologies to prepare for attacks from cyber threats such as Stuxnet. Use at least four (4) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:


Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

Summarize the various types of disasters, response and recovery methods. Describe detection and decision-making capabilities in incident response. Use technology and information resources to research issues in disaster recovery. Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

********************************************************


CIS 359 Week 4 Assignment 2: Incident Response (IR) Revamp

For more classes visit www.snaptutorial.com Assignment 2: Incident Response (IR) Revamp

Due Week 4 and worth 75 points

Imagine you have just taken over the manager position for your organization’s incident response team, after coming from another division in the company. Your first realization is that proper procedures, best practices, and sound technologies are not being utilized. You decide to revamp the team’s efforts.


Write a two to three (2-3) page paper in which you:

Explicate the main efforts that would be included in the incident response efforts, including but not limited to personnel and team structure, tools and utilities, and proper procedures. Discuss in detail the role that an IDS / IPS would play in the IR efforts, and explain how these systems can assist in the event notification, determination, and escalation processes. Explain how the NIST SP800-61, Rev. 1 could assist the personnel in classifying incidents so each is identified appropriately and the proper incident-handling procedures are taken. Explain how the use of log management systems (e.g., Splunk) could be a legitimate and useful component of the IR efforts, and describe the potential issues that could arise if not utilized. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover


page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:

Summarize the various types of disasters, response and recovery methods. Describe detection and decision-making capabilities in incident response. Use technology and information resources to research issues in disaster recovery. Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

********************************************************

CIS 359 Week 6 Assignment 3 Incident Response (IR) Strategic Decisions

For more classes visit


www.snaptutorial.com Assignment 3: Incident Response (IR) Strategic Decisions

Due Week 6 and worth 75 points

Suppose that you have been alerted of a potential incident involving a suspected worm spreading via buffer overflow techniques, compromising Microsoft IIS Web servers. As the IR Team leader, it is your responsibility to determine the next steps.

Write a two to three (2-3) page paper in which you:

Explain in detail the initial steps that would need to be made by you and the IR team in order to respond to this potential incident. Construct a process-flow diagram that illustrates the process of determining the incident containment strategy that would be used in this scenario, and identify which containment strategy would be appropriate


in this case, through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length. Construct a process flow diagram to illustrate the process(es) for determining if / when notification of the incident should be relayed to upper management, and explain how those communications should be structured and relayed through the use of graphical tools in Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length. Detail the incident recovery processes for the resolution of this incident. Use at least three (3) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.


The specific course learning outcomes associated with this assignment are:

Summarize the various types of disasters, response and recovery methods. Develop techniques for different disaster scenarios. Use technology and information resources to research issues in disaster recovery. Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

********************************************************

CIS 359 Week 7 Case Study 2: Disaster Recovery (DR) Lessons Learned: September 11th

For more classes visit www.snaptutorial.com Case Study 2: Disaster Recovery (DR) Lessons Learned: September 11th


Due Week 7 and worth 100 points

Read the article titled “9/11: Top lessons learned for disaster recovery,� from Computerworld.com, located athttp://www.computerworld.com/s/article/9219867/9_11_Top_lessons_ learned_for_disaster_recovery, and consider the effects the attacks of September 11, 2001, have had on technology recovery efforts.

Write a two to four (2-4) page paper in which you:

Explain how the attacks affected risk management in organizations and have prompted an increased justification for recovery-based objectives, initiatives, and expenditures. Analyze the use of social media and other current methods of communication for emergency notifications during an incident or disaster situation. Determine whether or not organizations need to consider distanced geographic locations when preparing for backup operations / data centers, and determine the effects that recovery point objectives (RPO) and recovery time objectives (RTO) have on these decisions.


Evaluate the use of cloud services as tools for recovery operations within an organization, and explain how they could increase or decrease the effectiveness of recovery operations. Determine whether or not cloud services are ideal recovery options for organizations regardless of their size. Provide a rationale to support the answer. Use at least four (4) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources.

Your assignment must follow these formatting requirements:

Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

The specific course learning outcomes associated with this assignment are:


Explain risk management in the context of information security. Summarize the various types of disasters, response and recovery methods. Compare and contrast the methods of disaster recovery and business continuity. Explain and develop a business continuity plan to address unforeseen incidents. Develop techniques for different disaster scenarios. Use technology and information resources to research issues in disaster recovery. Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

********************************************************

CIS 359 Week 10 Term Paper: Contingency Planning in Action

For more classes visit www.snaptutorial.com


Term Paper: Contingency Planning in Action

Due Week 10 and worth 200 points Create a hypothetical organization with details including geographic location(s), number of employees in each location, primary business functions, operational and technology details, potential threats to the business and its technology, and anything else that you believe is relevant to the business. Assume this organization is lacking in its contingency planning efforts and requires assistance in ensuring these efforts are appropriately addressed to increase its overall security and preparedness posture. Write a ten to fifteen (10-15) page paper in which you:

Provide an overview of the organization and indicate why contingency planning efforts are needed and how these efforts could benefit the business. Develop a full contingency plan for the organization. Include all subordinate functions / sub plans, including BIA, IRP, DRP, and BCP efforts. Determine the policies and procedures that would be needed for all contingency planning efforts. Detail the role of the policy / procedure, and explain how each would help achieve the goals of these efforts. Detail the processes to utilize in order to fully implement the contingency plan and its components, and explain the efforts to consider in maintaining the plans.


Create a hypothetical incident scenario where the contingency planning efforts would need to be utilized and detail: how the plan is sufficiently equipped to handle the incident. a timeline for the incident response and recovery efforts. Identify any ethical concerns that are specific to this organization and its incident response personnel (especially the CP Team Leader), and explain how to plan for these concerns. Use at least five (5) quality resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:

Explain risk management in the context of information security. Develop a disaster recovery plan for an organization. Summarize the various types of disasters, response and recovery methods.


Compare and contrast the methods of disaster recovery and business continuity. Explain and develop a business continuity plan to address unforeseen incidents. Describe crisis management guidelines and procedures. Describe detection and decision-making capabilities in incident response. Develop techniques for different disaster scenarios. Evaluate the ethical concerns inherent in disaster recovery scenarios. Use technology and information resources to research issues in disaster recovery. Write clearly and concisely about disaster recovery topics using proper writing mechanics and technical style conventions.

********************************************************

Profile for santricksapiens62

CIS 359 Massive Success--snaptutorial.com  

For more classes visit www.snaptutorial.com CIS 359 Final Exam Set 1 • Question 1 ____ are likely in the event of a hacker attack, when th...

CIS 359 Massive Success--snaptutorial.com  

For more classes visit www.snaptutorial.com CIS 359 Final Exam Set 1 • Question 1 ____ are likely in the event of a hacker attack, when th...

Advertisement