Task
Critique an organisation’s disaster recovery plan and evaluate the proposed recovery model.
Subject Learning outcomes
Demonstrate an understanding of cybersecurity and the likely cyber-attack vectors on a business or
organisation
Develop and justify a cyber security strategic plan and what it should contain ensuring legal obligations are
being met.
Design cyber security policies to mitigate the common weaknesses in ICT systems, such as human factorsout-of-date protection, the currency of protocols and be able to institute organisational data governance
protocols.
Analyse weaknesses in information protection of a business and be able to determine risks, threats and
controls.
Critically discuss a cyber disaster plan and evaluate a recovery model.
Explain the responsibilities of a cyber security manager and the implications of non-compliance by workers.
Procedures
Choose a plan to examine:
A cyber security disaster plan will be provided for you to use (Large)
Or a small organisation
Note: an organisation’s disaster recovery plan will cover more than the ICT infrastructure and resources
associated with it, but there would be very few organisations where ICT was not the major component of the
plan and the recovery model. This assessment focuses on the cyber component of the disaster recovery plan.
Write a report assessing the Cyber Disaster Recovery Plan (or component of a larger plan) and associated
Business Contingency Strategy. Your report should include an assessment of the following:
What is the coverage of the plan?
Who is involved?
Business Continuity strategy
The extent of possible problems and ramifications of the loss of various parts of IT infrastructure
Detail of procedures to be followed
Scenarios covered (e.g. threats, timelines and resource estimates)
Staffing issues
Equipment, communication, system, data/record issues coverage
Legal compliance requirements
Media output
Conclusion of assessment covering good and poor features
Recommendations
A sample organisation’s cyber security disaster recovery plan
Choose either: a large organisation’s disaster recovery plan or a smaller organisation’s plan.
Sample Solution
