CYB 320 Project One Stepping Stone Two Guidelines and Rubric
Business Continuity Scenarios
Overview
When you are thinking about business continuity planning, the longer it takes to regain normal business operations, the more expensive the incident becomes. Your goal is to get back to normal business operations as quickly as possible. This requires a systems thinking mindset to take the organization’s needs into consideration. In general, business continuity affects people, process, and technology. When you are designing business continuity plans (BCPs), visual aids such as process flow diagrams of business operations can be used to make the plan more robust.
The BCP is part of a larger plan the organization uses for contingency planning, the disaster recovery plan (DRP). We will cover the DRP in more detail in your next and final stepping stone for Project One. Project One is due in Module Six.
Scenarios
You will use the same scenarios as the Project One Stepping Stone One. Drawing from the previous assignment, you have identified the assets affected, their effects on the business, and their severity. Now we will look at the same scenarios from a business continuity perspective. For this assignment, the incident response team has successfully contained the incident. Your charge now is to focus on the methods for maintaining normal business operations during these incidents.
Note: You do not need feedback from your previous stepping stone to complete this assignment.
Scenario One:
Previously: The sprinkler system in your building has been triggered. You have been told there is no fire. However, you know that the sprinklers are going off in your server room.
Scenario Two:
Previously: A user reports that their workstation is locked with a picture of a snowman. They have disclosed that right before this happened, they started playing music from a personal USB drive.
Prompt
For each scenario, you must address the critical elements below.
- Business Continuity Scenario One
- Describe short-term solutions for displacement of employees while in recovery to maintain normal business operations.
- Describe short-term solutions for processes and hardware that may be affected by the incident while in recovery to maintain normal business operations.
- Propose a failover solution that would maintain normal business operations during a similar incident. Describe what you would need to implement your solution.
- Rank the order of importance of the three tenets of the confidentiality, integrity, and availability (CIA) triad as they relate to the incident. Justify your response.
- Business Continuity Scenario Two
- Describe short-term solutions for displacement of employees while in recovery to maintain normal business operations.
- Describe short-term solutions for processes and hardware that may be affected by the incident while in recovery to maintain normal business operations.
- Propose a failover solution that would maintain normal business operations during a similar incident. Describe what you would need to implement your solution.
- Rank the order of importance of the three tenets of the confidentiality, integrity, and availability (CIA) triad as they relate to the incident. Justify your response.
What to Submit
Your submission should be 3 to 5 pages in length. Use double spacing, 12-point Times New Roman font, and one-inch margins. Any references should be cited according to APA style. Use a file name that includes the course code, the assignment title, and your name—for example, CYB_123_Assignment_Firstname_Lastname.docx.
Project One Stepping Stone Two Rubric
| Criteria | Exemplary (100%) | Proficient (85%) | Needs Improvement (55%) | Not Evident (0%) | Value |
|---|---|---|---|---|---|
| Business Continuity Scenario One: Employees | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes short-term solutions for displacement of employees while in recovery to maintain normal business operations | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario One: Processes and Hardware | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes short-term solutions for processes and hardware that may be affected by the incident while in recovery to maintain normal business operations | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario One: Failover Solution | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Proposes a failover solution that would maintain normal business operations during a similar incident, and describes what is needed to implement the solution | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario One: CIA Triad | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Ranks the order of importance of the three tenets of the CIA triad as they relate to the incident, and justifies response | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario Two: Employees | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes short-term solutions for displacement of employees while in recovery to maintain normal business operations | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario Two: Processes and Hardware | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Describes short-term solutions for processes and hardware that may be affected by the incident while in recovery to maintain normal business operations | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario Two: Failover Solution | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Proposes a failover solution that would maintain normal business operations during a similar incident, and describes what is needed to implement the solution | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Business Continuity Scenario Two: CIA Triad | Meets “Proficient” criteria and addresses critical element in an exceptionally clear, insightful, sophisticated, or creative manner | Ranks the order of importance of the three tenets of the CIA triad as they relate to the incident, and justifies response | Addresses “Proficient” criteria, but there are gaps in clarity, logic, or detail | Does not address critical element, or response is irrelevant | 11.5 |
| Articulation of Response | Submission is free of errors related to citations, grammar, spelling, and organization and is presented in a professional and easy-to-read format | Submission has no major errors related to citations, grammar, spelling, or organization | Submission has some errors related to citations, grammar, spelling, or organization that negatively impact readability and articulation of main ideas | Submission has critical errors related to citations, grammar, spelling, or organization that prevent understanding of ideas | 8 |
| Total: | 100% |