PART 1

One of the ways to thwart cyberattacks and perpetration of network resources by cybercriminals is through the application of controls. Internal controls are implemented to reduce risk to organizational resources through the application of policies, procedures, industry best principles and practices, and support of security principles implementation from top level management. The Head of the Cyber security program of a local university has requested that you present a 1-2-page paper to first year students on the differences between control classifications and control objectives. Your paper should give examples to help the first year cyber security students understand the differences.

Support your paper with a minimum of five (5) recent (within the past five years) scholarly resources. In addition to these specified resources, other appropriate scholarly resources, including older articles, may be included.

Length: 1-2 pages not including titles and reference pages.

Your paper should demonstrate thoughtful consideration of the ideas and concepts that are presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards.

PART 2

A sound practice that will lead to recovery of lost resources from a cyber-attack is the combination of risk management, business continuity plan (BCP), disaster recovery plan (DRP), and incidence response plan (IRP). Risk management documents and supports most actions contained with a BCP and DRP. DRP is part of BCP. BCP involves the processes and procedures that are carried out by an organization to ensure that essential business functions continue to operate during and after a disaster. DRP involves the recovery of IT systems is a disruption or disaster occurs. Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.

As the Chief Cyber Security Analyst of an organization, you are part of a team of information security professionals who are tasked to improve the security posture of the organization through the applications of best practices and principles of business continuity plan (BCP), disaster recovery plan (DRP), and incidence response plan (IRP). As part of the team, you are assigned the responsibility to write a 5-7-page paper in which you will address business continuity plan (BCP) and disaster recovery plan (DRP) processes and procedures. In your paper, address the following:

• Differentiate between business continuity and disaster recovery planning
• Describe the business continuity plan phases
• Describe the business continuity planning process
• List the steps in disaster recovery plan
• Describe the types of testing in BCP and DRP
  • Checklist testing (consistency testing)
  • Structured walk-through testing (Validity testing)
  • Simulation testing
• Describe five business continuity and disaster recovery planning mistakes.

Support your paper with a minimum of five (5) recent (within the past five years) scholarly resources. In addition to these specified resources, other appropriate scholarly resources, including older articles, may be included.

Length: 5-7 pages not including titles and reference pages.

Your paper should demonstrate thoughtful consideration of the ideas and concepts that are presented in the course and provide new thoughts and insights relating directly to this topic. Your response should reflect scholarly writing and current APA standards.