Discussion QUESTION

cis 359

Question Description

1. LINK to the E-ACTIVITY: Review the updated contingency planning guide at

"CP from the National Institute of Standards and Technology (NIST)" Please respond to the following:

  • From the e-Activity, explain in your own words what you believe CP attempts to provide for an organization, and describe what you believe is the most important CP consideration for an organization. Provide a rationale for your answer.
  • Consider an organization in a specific industry (e.g., healthcare, financial, etc.), and discuss the potential shortcomings and repercussions if an organization in this sector neglected to participate in contingency planning efforts. Provide two real-world examples (successes and / or failures) to justify your answer.

2. "BIA Processes and Practices" Please respond to the following:

  • Explain in your own words the importance of business impact analysis activities when an organization is trying to determine the breadth of its contingency planning activities. Suggest the potential issues that could arise if a BIA is not performed.
  • Of the major objectives of the BIA process, determine which you believe to be the most important of these objectives and explain why.

3. "Disaster Recovery (DR), Business Continuity Planning (BCP), and Software as a Service (SaaS) Options" Please respond to the following:

  • Explain in your own words the difference between disaster recovery and business continuity planning efforts and whether or not you believe these planning efforts overlap.
  • Determine whether or not cloud and SaaS services can assist and benefit an organization in its business resumption panning (BRP) efforts, and whether or not this option is available and feasible to all sizes of organizations at this point in time. Provide a rationale to support your answer.

4. LINK to the E-ACTIVITY: Review the U.S. Department of Homeland Security’s (DHS) Cyber Storm efforts from its Website, located at,

"Cyber Storm" Please respond to the following:

  • From the e-Activity, explain in your own words the benefits of the DHS’s efforts with Cyber Storm and whether or not you believe this is a necessary and useful activity in terms of incident response preparedness.
  • Determine whether or not the efforts of Cyber Storm can help all types of organizations, regardless of size and independent of industry, for incident response and preparedness planning. Provide a rationale to support your answer.

5. "To IDS or to Not IDS?" Please respond to the following:

  • Suppose you were proposing the implementation of an IDS to your manager as a new initiative for your organization. Explain how you would make a business case for obtaining the funds in order to fully implement this initiative.
  • Propose the top three reasons for why organizations would NOT choose to implement IDS / IPS systems, and analyze each of these reasons to determine whether you believe they are valid concerns or improper conclusions.

6. LINK to the E-ACTIVITY: Read the article titled "Internet Intrusion Detection System Service in a Cloud", located at Be prepared to discuss.

  • Go to NetworkWorld’s Website to read the article titled “Cloud security strategies: Where does IDS fit in?,” dated July 15, 2010, located at Be prepared to discuss.

"IDS in the Cloud" Please respond to the following:

  • From the e-Activities, explain whether or not you believe technologies such as IDS are still relevant and useful as there is a push toward SaaS and cloud-based solutions..
  • Discuss from your perspective how cloud-based services change incident response, for better or worse, and determine what you believe to be the greatest preparedness concern with cloud-based services.

7. "Forming the CSIRT" Please respond to the following:

  • Determine what you believe are the top two considerations that should be addressed when forming the CSIRT in terms of skills, abilities, procedures, training, deployment, etc.
  • Explain what you believe to be the most critical flaw or failure when it comes to CSIRT organization and preparation. Suggest ways management can avoid this pitfall altogether.

8. LINK to the E-ACTIVITY: Review the CERT report titled “Communication Among Incident Responders-A Study,” dated September, 2012, located at

"Team Communication…Tested!" Please respond to the following:

  • From the e-Activity, explain in your own words the purpose of the Software Engineering Institute’s (SEI) exercises regarding team communication, and determine whether or not you believe this type of testing and analysis is a beneficial use of resources. Justify your answer.
  • Based on the testing and analysis described in the e-Activity, indicate the two most important things that you believe are needed in order for cross-team communication to be successful when dealing with potential widespread incidents.

Final Answer

Hi, kindly find attached

Insert Surname

Student Name

Professor's Name

Course Title


Contingency Planning

Question 1

Contingency plans are the organizational plans with rules and procedures that employees follow
during both natural and man-made emergencies. They are very critical to the organization
because they minimize the risk caused by emergencies. I tend to believe that all organizations
understand that they are always faced with the risk of being attacked. Lack of preparedness
during such a situation may delay the recovery process or even destroy the business. In
contingency planning, the hardest of all tasks is the first or initial task. The team involved must
determine the individuals involved and what must be protected from the emergency or risk.
Understanding the initial tasks makes implementation of the plan easier.

Question 2

Insert Surname 2
Without a contingency plan, an insurance company may leave the majority of the people
underinsured or uninsured. For instance, take a building that stores customer data in both soft
and hard copies though located in flood-prone areas. Due to security reasons, the company may
not have any backups of the information in another location. During floods, all the copies may be
destroyed or damaged. Consequently, most of the customers may be left without insurance
because there is no proper way to acknowledge clients. In another example, when New Orleans
was hit by hurricane Katrina in 2005, all evidence had been locked up in the basement of the
police headquarters. During the disaster, most of the evidence was destroyed making it
impossible to charge criminals with gang affiliations among other cases.

Business Impact Analysis
Question 1
In contingency planning, the Business Impact Analysis (BIA) plays a very critical role. This
usually begins after completion of the risk assessment process. The main purpose of the BIA is
to prioritize both threats and vulnerabilities identified in the risk management process with
detailed information. It is able to show how long it will take for business units and organizational
processes to resume to their normal functioning after a disaster. Also, it identifies the necessary
resources needed to facilitate the recovery process. The activities and outlined in the BIA are
very critical to any organ...

NicholasI (28283)

Solid work, thanks.

The tutor was great. I’m satisfied with the service.

Goes above and beyond expectations !

Similar Questions
Related Tags

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors