What am I required to do in this assignment?
You are required to produce a written report consisting of two main parts: a risk assessment and a DRP (Disaster Recovery Plan) for a company of your choice. The report should not exceed approximately 3000 words.
Unit title & code: CIS097-6 Tactical and Strategic Cybersecurity Management
Risk Management and Disaster Recovery Plan - Case Study
Assignment type: Case Study (written report)
Weighting of assignment: 40%
Unit learning outcomes:
1. Critically identify, discuss and argue principles and concepts of information assurance and risk management from a combined strategic, tactical and operational perspective
2. Produce a detailed analysis and assessment of risk management processes and construct a DRP procedure for an organization XYZ
For the risk assessment you are required to look into the following.
1. Use the given network infrastructure or design your own network infrastructure for your chosen organization.
2. Identify the organization's hardware assets (type, quantity and asset values).
3. Identify the organization's software assets.
4. Investigate the nature of the data used in the organization.
5. Identify the technology components the organization operates with.
6. Identify risks, threats and vulnerabilities using the correct calculation formulas.
7. Calculate the likelihood for each risk identified.
8. Calculate the magnitude of impact.
9. Specify your risk assessment methodology (Quantitative and qualitative)
Single Loss Expectancy (SLE) = The loss to expect from a single event in which a particular resource is made unavailable.
Annual Loss Expectancy (ALE) = How often we should expect that particular resource to be unavailable over the entire year.
Asset Value (AV) = The value of the asset, regardless of whether it is a hardware or a software asset.
Annualized Rate of Occurrence (ARO) = To identify the ARO, it is crucial to understand the particular risk and investigate how likely it is for a certain event to happen within a certain period.
Exposure Factor (EF) = The percentage of the asset lost. The individual conducting the assessment for XXX is a specialist and experienced assessor who knows how to give the EF a value, depending on the asset.
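A worked example of the quantitative terms defined above, added here and not part of the original brief. It uses the standard formulas SLE = AV x EF and ALE = SLE x ARO, which the brief does not spell out; the asset names, threats and all figures are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    av: float   # Asset Value, in currency units
    ef: float   # Exposure Factor, fraction of the asset lost per event (0..1)
    aro: float  # Annualized Rate of Occurrence, expected events per year

    def __post_init__(self):
        # Reject inputs that would silently distort the register.
        if self.av < 0:
            raise ValueError(f"{self.asset}: AV must not be negative")
        if not 0.0 <= self.ef <= 1.0:
            raise ValueError(f"{self.asset}: EF must be a fraction in 0..1")
        if self.aro < 0:
            raise ValueError(f"{self.asset}: ARO must not be negative")

    @property
    def sle(self) -> float:
        """Single Loss Expectancy: loss from one occurrence."""
        return self.av * self.ef

    @property
    def ale(self) -> float:
        """Annual Loss Expectancy: expected loss per year."""
        return self.sle * self.aro


def rank_by_ale(risks):
    """Return the risks ordered from highest to lowest expected yearly loss."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)


# Constructed sample register (hypothetical assets and values).
REGISTER = [
    Risk("File server", "Ransomware", av=40_000, ef=0.60, aro=0.5),
    Risk("Staff laptops (x50)", "Theft or loss", av=50_000, ef=0.02, aro=4),
    Risk("Core switch", "Hardware failure", av=12_000, ef=1.00, aro=0.1),
    Risk("Customer database", "Data breach", av=200_000, ef=0.25, aro=0.2),
]

if __name__ == "__main__":
    print(f"{'Asset':<22}{'Threat':<18}{'SLE':>10}{'ALE':>10}")
    for r in rank_by_ale(REGISTER):
        print(f"{r.asset:<22}{r.threat:<18}{r.sle:>10.0f}{r.ale:>10.0f}")
```

An ARO below 1 means the event is expected less than once a year (0.2 is once in five years), which is why the high-value database ranks below the cheaper but more frequently hit file server.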
For the Disaster Recovery Plan (DRP) you are required to look into the following.
A DRP is a crucial formal document for organisations to use in the event of a disaster. It gives guidance on recovering from unplanned disruptions, including natural and man-made disasters, both internal and external. You are required to investigate and construct the following phases for your company: Response, Resumption and Restoration.
What do I need to do to pass? (Threshold Expectations from UIF)
1. Develop appropriate risk mitigation plans as a response to a given scenario
2. Present a documented set of procedures to assure recovery and protection of a business IT infrastructure
3. Design an effective GRC framework with references to legal and regulatory requirements
How do I produce high quality work that merits a good grade?
Alongside presentation of the documentation you should provide a critical analysis of the incident, highlighting failings and making suggestions as to how such events could be avoided in future. You should also justify and explain the approaches you are proposing and be able to show their effectiveness.
How does this assignment relate to what we are doing in scheduled sessions?
This assignment builds on aspects of risk and business continuity planning, which are core aspects that have been discussed in lectures. It allows you to take the theoretical underpinnings of the risk management process and apply these to a real-world scenario.
How will my assignment be marked?
Your assignment will be marked according to the threshold expectations and the criteria on the following page. You can use them to evaluate your own work and consider your grade before you submit.