CYB 320 Project One Stepping Stone Three Guidelines and Rubric
Disaster Recovery Scenarios
Overview
Contingency planning is an organization’s response to a world in flux, where risks of various kinds are always present. Contingency planning, an essential part of risk management, is an overarching term for an organization’s ability to identify risks, understand the stakes or potential consequences of those risks, and plan an effective response. Incident response plans (IRPs), business continuity plans (BCPs), and disaster recovery plans (DRPs) are all part of contingency planning. Business impact analysis (BIA), which you have examined in prior course work, is also part of contingency planning. All of these aspects are essential if an organization is to be as prepared as possible.
The stakes are high. Organizations that prepare in a systematic manner for the range of risks they may face are likely to survive even serious incidents. Organizations that fail to plan for incidents, or do so in a way that leaves gaps in planning or practicing an effective response, put their survival in peril. As you have seen in this course so far, planning and preparation are serious tasks that require systems thinking, organizational knowledge, and the ability to orchestrate different pathways for response.
In Stepping Stones One and Two for Project One, you focused on incident response and business continuity planning for two evolving incident scenarios. In Stepping Stone Three, you will continue to work with these scenarios but will shift your focus to disaster recovery. As you can see, these plans and procedures are related; business continuity, for instance, often depends on the ability to recover quickly from a disaster. However, focusing on different aspects of planning and response allows the organization to be sure that nothing is missed and that threats are mitigated to the extent possible.
Stepping Stone Three, with its focus on disaster recovery, is the final preparation you need for completing Project One, which is due in Module Six.
Scenario
You will use the same scenarios as in the previous two stepping stones, with some added information. Drawing from the previous assignment, you have identified solutions to maintain normal business operations. Now we will look at the same scenarios from a disaster recovery perspective. For this assignment, the incident response team (IRT) has provided you with more details on what assets were lost. Your charge now is to focus on the methods for recovery and on evaluating backup strategies.
Note: You do not need feedback from your previous stepping stone to complete this assignment.
Scenario One:
Previously: The sprinkler system in your building has been triggered. You have been told there is no fire. However, you know that the sprinklers are going off in your server room.
Update from the IRT: It was determined that the following assets were lost due to the incident.
- The universal power supply (UPS) that was used as a battery backup for the switches and routers
- The router and its associated firewall rules and route tables
Research into the current disaster recovery plan indicates that a backup is performed once a week to the cloud.
Scenario Two:
Previously: A user reports that their workstation is locked with a picture of a snowman. They have disclosed that right before this happened, they started playing music from a personal USB drive.
Update from the IRT: It was determined that the following assets were lost due to the incident.
- The user’s workstation, which must be completely wiped and rebuilt. IT has verified that it has stored images of all the computer assets.
- An Excel file saved to the network drive was corrupted because it was open when the incident occurred.
Research into the current disaster recovery plan indicates that a backup is performed once a week to the cloud.
Prompt
You must address the critical elements below.
- Disaster Recovery Scenario One
- Describe some of the first actions you take to restore data that was lost. Justify your response.
- Using your systems thinking mindset, evaluate the current backup strategy and propose an update to the strategy.
- Recommend organizational policy updates that could minimize the contributing factors that led up to the incident.
- Disaster Recovery Scenario Two
- Describe some of the first actions you take to restore data that was lost. Justify your response.
- Using your systems thinking mindset, evaluate the current backup strategy and propose an update to the strategy.
- Recommend organizational policy updates that could minimize the contributing factors that led up to the incident.
- Big Picture Considerations: Address the following holistic questions.
- Explain the interplay between IRPs, BCPs, and DRPs as it applies to contingency planning.
- Explain how you would implement an awareness program for employees that incorporates practice and maintenance of these plans.
- Describe your key takeaways from the Project One stepping stones, cumulatively, as they apply to contingency planning for organizations.
What to Submit
Your submission should be 3 to 5 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. Any references should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
Project One Stepping Stone Three Rubric
| Criteria | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Disaster Recovery Scenario One: Restore Data | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes and justifies, using sound reasoning, the first actions taken to restore data, in alignment with the scenario | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Disaster Recovery Scenario One: Backup Strategy | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Evaluates the backup strategy and recommends sound improvements that respond to the scenario | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Disaster Recovery Scenario One: Organizational Policy | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Recommends organizational policy updates that may minimize the contributing factors that led to the incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Disaster Recovery Scenario Two: Restore Data | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes and justifies, using sound reasoning, the first actions taken to restore data, in alignment with the scenario | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Disaster Recovery Scenario Two: Backup Strategy | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Evaluates the backup strategy and recommends sound improvements that respond to the scenario | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Disaster Recovery Scenario Two: Organizational Policy | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Recommends organizational policy updates that may minimize the contributing factors that led to the incident | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Big Picture: Interplay of Plans | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Effectively explains the interplay between IRPs, BCPs, and DRPs as applied to contingency planning | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Big Picture: Awareness Program Implementation | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes the implementation of an awareness program for employees that incorporates practice and maintenance of the IRP, BCP, and DRP | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Big Picture: Key Takeaways from Stepping Stones | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes appropriate key takeaways from the Project One stepping stones as they apply to contingency planning for organizations | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 10 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 10 |
| Total: | 100% |