IS 8300 Syllabus - CSIS

Kennesaw State University, Department Of Computer Science And Information Systems
IS 8300 – Disaster Recovery and Business Continuity Planning
Michael E. Whitman, Ph.D., CISM, CISSP
CL 3061, mwhitman@kennesaw.edu
Course Description:
A detailed study of strategic and tactical planning for non-standard operations resulting from
events beyond the organization’s control. Disaster Recovery and Business Continuity Planning
prepares the student to develop and execute plans to enable the organization to recover
operations and continue critical business functions in the event of a disaster. This course
includes an overview of incident response planning as a possible precursor to Disaster
Recovery and Business Continuity and also examines Crisis Management planning.
Prerequisites:
Full admission to the MSIS Program, or permission of the Program Director
Textbooks:
Principles of Incident Response and Disaster Recovery, Whitman & Mattord, (c) 2006 Course
Technology ISBN: 141883663X
Resources:
In addition to the resources provided or referenced in WebCT Vista, the student will
occasionally be asked to download free documents from the Computer Security Resource
Center at http://csrc.nist.gov/publications/nistpubs/index.html
0. SP 800-83 Guide to Malware Incident Prevention and Handling, November 2005
1. SP 800-61 Computer Security Incident Handling Guide, January 2004
2. SP 800-34 Contingency Planning Guide for Information Technology Systems, June 2002
3. SP 800-31 Intrusion Detection Systems (IDS), November 2001
4. Plus additional resources as assigned in class.
Learning Outcomes: As a result of completing this course, students will be able to:
1. Integrate IRP, DRP, and BCP plans into a coherent strategy to support
sustained organizational operations. (Assessed in: Exam 2 & Project)
2. Compare and contrast incident response options. (Assessed in: Exam 1 & Project)
3. Design an Incident Response Plan for sustained organizational
operations. (Assessed in: Exam 1 & Project)
4. Discuss and recommend contingency strategies for business
resumption planning. (Assessed in: Exam 2 & Project)
5. Design a Disaster Recovery Plan for sustained organizational
operations. (Assessed in: Exam 2 & Project)
6. Design a Business Continuity Plan for sustained organizational
operations. (Assessed in: Exam 2 & Project)
Assessment:
Exam 1: 30%
Exam 2: 30%
Research Paper: 20%
Project: 20%
Total: 100%
Grading Schedule
The instructor will make every effort to have major components (exams, papers, etc.) graded
within 1 week, and other assignments within 2 weeks. Email the instructor if you do not see
your grade posted within the time limit.
Grade: Evaluation
A: 89.5% - 100%
B: 79.5% - 89.5%
C: 69.5% - 79.5%
D: 59.5% - 69.5%
F: 59.4% or below
The project will be graded for correctness and completeness. The instructor retains the right to
subjectively adjust an individual student's grade in appropriate cases, based upon observed
performance. All turned-in assignments will be neatly typed (word-processed) and printed with
letter-quality type. Specific examples will be provided in class. Students failing to present the
information completely, neatly and in the prescribed format will receive minimal credit for their
work. Students should double check for spelling and grammar before submitting assignments.
Research Paper:
The student will be expected to research and submit a 15-20 page research paper on critical
issues in the management of the disaster recovery and business continuity planning process.
Students will identify a proposed topic and submit to the instructor within the first 3 weeks of
class, and use the feedback provided to create a paper with cited references. Additional
details will be provided in class.
Exams:
There will be 2 non-cumulative examinations. The content will come from the text and other
material presented in lecture recordings. Note that material presented in the recorded
lectures will supplement the assigned readings. Therefore, class attendance and good note
taking are essential tactics for success.
The exam will be provided online and due one week after assignment. Students may use
their notebooks and textbooks for the exam, but NOTHING else. Students are expected to
word process and spell-check their exam. The exam will NOT be accepted after the due
date/time.
There will be no make-up examinations. It is the student’s responsibility to arrange for an
excused absence before the exam. A grade of zero will be assigned for any exams missed
without an excused absence.
Project Requirements:
During the course of the semester, students will be expected to identify a real-world
organization, assess the current state of Disaster Recovery/Business Continuity
planning at that organization, and design a suitable program for the development,
implementation, testing and maintenance of Disaster Recovery and Business Continuity
Programs. Students will submit a report containing all necessary documents and
recommendations.
Students will also record and upload a 15-minute presentation using a freeware or shareware
commercial product, complete with PowerPoint slides and audio. You may use PowerPoint
with embedded audio, WINK, or a trial version of a commercial product like Camtasia to
accomplish this.
The recorded presentation on the project will provide additional insight.
TENTATIVE COURSE SCHEDULE: SUBJECT TO CHANGE
Week: 1 through 15, then FINAL EXAM
Topic (Chapters/Assignments)
Introduction to Course
Contingency Planning within Information Security (Chapter 1)
Planning for Organizational Readiness (Chapter 2)
Incident Response: Preparation, Organization, and Prevention (Chapter 3)
Incident Response: Detection and Decision Making (Chapter 4)
Incident Response: Reaction, Recovery, and Maintenance (Chapter 5)
Exam 1
Contingency Strategies for Business Resumption Planning (Chapter 6)
Disaster Recovery: Preparation and Implementation (Chapter 7)
Research Paper Due
Disaster Recovery: Operation and Maintenance (Chapter 8)
Business Continuity Preparation and Implementation (Chapter 9)
Business Continuity Operations and Maintenance (Chapter 10)
Crisis Management and Human Factors (Chapter 11)
Project Presentations
Project Due
Exam 2