Business impacts and probability matrix.docx
Running head: BUSINESS IMPACTS AND PROBABILITIES MATRIX 2
BUSINESS IMPACTS AND PROBABILITIES MATRIX 2
Business Impacts and Probabilities Matrix
Name
Institution
Date
Business Impacts and Probabilities Matrix
The following matrix will be used to understand the probability of occurrence of the explored threats and their relevant impacts on the business operations of the target company.
With the use of the above matrix, the following outcomes were realized on the identified physical and non-physical threats to the vulnerable systems of the company.
Threats
Probability
Impact
Ransomware
Most certainly
Extreme risks
Phishing attacks
Most certainly
Extreme risks
Hacking
Most certainly
Extreme risks
Cracking
Most certainly
Extreme risks
Hurricane and earthquake
Possible
Low risks
Fire and Floods
Possible
Low risks
Professional hacking
Most certainly
Extreme risks
Eternal Inputs of Threats and Vulnerabilities.docx
Running head: EXTERNAL INPUTS OF THREATS AND VULNERABILITIES 2
EXTERNAL INPUTS OF THREATS AND VULNERABILITIES 2
External Inputs of Threats and Vulnerabilities
Name
Institution
Date
External Inputs of Threats and Vulnerabilities
The external inputs of threats and vulnerability are some of the potential best practices that are integrated by a company to ensure the protection of its vulnerable system to threats. Such measures include internal vulnerability mitigation practices, information management practices, and external vulnerability assessment practices (Wu, Li, Teng, Chen, & Wang, 2020). The company should ensure a positive response to such practices through effective compliance to ethics of practice, effective management of change process, and integration of a high level of professionalism and skills in the establishment of a change in its systems.
Reference
Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A partition computing-based positive matrix factorization (PC-PMF) approach for the source apportionment of agricultural soil heavy metal contents and associated health risks. Journal of Hazardous Materials, 388, 121766.
Vulnerability Asset List.docx
Running head: VULNERABILITY ASSETS LIST 2
VULNERABILITY ASSETS LIST 2
Vulnerability Assets List
Name
Institution
Date
Vulnerability Assets List
The identified issue in the midsize company is related to system security. The security issue of the company is associated with a huge gap in both the physical and non-physical components of the organizational system.
The physical Vulnerability Assets List
· The organizational computers
· Physical infrastructure
· Human resources
The alr ...
Chapter 16 Renal System and Male reproductive System1. The acti.docx
Business impacts and probability matrixRunning head BUSI
1. Business impacts and probability matrix.docx
Running head: BUSINESS IMPACTS AND PROBABILITIES
MATRIX 2
BUSINESS IMPACTS AND PROBABILITIES MATRIX
2
Business Impacts and Probabilities Matrix
Name
Institution
Date
Business Impacts and Probabilities Matrix
The following matrix will be used to understand the probability
of occurrence of the explored threats and their relevant impacts
on the business operations of the target company.
With the use of the above matrix, the following outcomes were
2. realized on the identified physical and non-physical threats to
the vulnerable systems of the company.
Threats
Probability
Impact
Ransomware
Most certainly
Extreme risks
Phishing attacks
Most certainly
Extreme risks
Hacking
Most certainly
Extreme risks
Cracking
Most certainly
Extreme risks
Hurricane and earthquake
Possible
Low risks
Fire and Floods
Possible
Low risks
Professional hacking
Most certainly
Extreme risks
Eternal Inputs of Threats and Vulnerabilities.docx
Running head: EXTERNAL INPUTS OF THREATS AND
VULNERABILITIES 2
EXTERNAL INPUTS OF THREATS AND VULNERABILITIES
2
3. External Inputs of Threats and Vulnerabilities
Name
Institution
Date
External Inputs of Threats and Vulnerabilities
The external inputs of threats and vulnerability are some of the
potential best practices that are integrated by a company to
ensure the protection of its vulnerable system to threats. Such
measures include internal vulnerability mitigation practices,
information management practices, and external vulnerability
assessment practices (Wu, Li, Teng, Chen, & Wang, 2020). The
company should ensure a positive response to such practices
through effective compliance to ethics of practice, effective
management of change process, and integration of a high level
of professionalism and skills in the establishment of a change in
its systems.
4. Reference
Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A
partition computing-based positive matrix factorization (PC-
PMF) approach for the source apportionment of agricultural soil
heavy metal contents and associated health risks. Journal of
Hazardous Materials, 388, 121766.
Vulnerability Asset List.docx
Running head: VULNERABILITY ASSETS LIST
2
VULNERABILITY ASSETS LIST
2
Vulnerability Assets List
Name
Institution
5. Date
Vulnerability Assets List
The identified issue in the midsize company is related to system
security. The security issue of the company is associated with a
huge gap in both the physical and non-physical components of
the organizational system.
The physical Vulnerability Assets List
· The organizational computers
· Physical infrastructure
· Human resources
The already established analysis of the status of the
organizational security gaps indicates that the company does not
invest much in its physical security. The company has security
personnel located at the main entrance of the premises. The
company has secure access to the entrance of the building,
which is only dedicated to the office of the CEO. Other
computers including the one located in the production unit are
not well secured. Anyone including employees of relevant
departments can easily access various components of the
computer, something that imposes harm to the physical
computers if not to mention the internal element of the company
computers. Such a gap in the physical infrastructure of the
company is a clear indication that the building where the
physical technological resources are located is not well secured
and is vulnerable to theft among other security issues.
Lack of cameras among other automated security systems in the
main entrance indicates that thieves can easily intrude into the
premises and steal relevant computer devices (Humayun, Niazi,
6. Jhanjhi, Alshayeb, & Mahmood, 2020). With such a gap, which
would allow illegal intrusion into the compound, the safety of
the human resources operating the technology infrastructure of
the company is also not guaranteed. The actual premise can also
be damaged with the existence of unauthorized access. Such
damage may interfere with the normal operation of the
organizational system. Therefore, the management system of the
company should influence relevant security measures for
handling the vulnerability of its physical assets to i nsecurity
matters.
The non-physical Vulnerable Assets List
· Organizational software
· Financial information
· Supplier information
· Customer information
· Employee information
· Managerial information stored within the system
Nonphysical assets are intangible commodities that are critical
to the adoption and implementation of organizational systems.
One significant non-physical but technical component of
systems is software. The company uses an illegally acquired
Windows 10. As the operating system of the system, it creates a
gap that can be used by hackers to access other software. Other
applications including the operating system adopted in the
company are vulnerable to hacking among other potential
threats to the systems. The illegal access into the system
through the identified system gaps such as illegally acquired
Windows 10 makes the stored information in the system to be
vulnerable to insecurity threats (Adepu, Palleti, Mishra, &
Mathur, 2020). Theft and damage of the stored information into
the system are likely threats that the organizational system
deems vulnerable, something that the management system of the
company should handle with impressive measures.
References
7. Adepu, S., Palleti, V. R., Mishra, G., & Mathur, A. (2020).
Investigation of cyber attacks on a water distribution system.
International Conference on Applied Cryptography and Network
Security, 274-291.
Humayun, M., Niazi, M., Jhanjhi, N. Z., Alshayeb, M., &
Mahmood, S. (2020). Cyber security threats and vulnerabilities:
a systematic mapping study. Arabian Journal for Science and
Engineering, 45(4), 3171-3189.
Internal and External Threat Lists.docx
Running head: INTERNAL AND EXTERNAL THREAT LISTS
2
INTERNAL AND EXTERNAL THREAT LISTS
2
Internal and External Threat Lists
Name
Institution
Date
8. Internal and External Threat Lists
The basis of the organizational threats to the security of the
systems is based on their sources, which may be realized either
internally or externally. The external threats are those factors
that affect the security of the system from the outside of the
company. On the other hand, the internal threats are the existing
gap in the management of the systems influenced by the
company itself. Exploration and understanding of the sources of
the threats assist in promoting effective measures to the threats
based on their nature and origin.
Internal Threats List
· Ransomware
Ransomware is malicious software with the ability to infect a
computer and restrict system users from accessing the system
until a particular ransom is paid (Bansal, Deligiannis, Maddila,
& Rao, 2020). The existing research on ransomware confirms
that most of the phishing emails for illegal access to a system
are achieved by employees of a company. Relevantly, lack of
proper knowledge and understanding of effective utilization and
integration of security in the adoption and implementation of
technology is also confirmed to be responsible for increased
ransomware threats in most companies. The contracting
organization achieves limited attention to professionalism with
the increased adoption of technology. This affects the
influenced commitments to security management, a factor that
creates room for ransomware threats. Also, ineffective
management of ethical policies in the company plays a
significant role in influencing the environment for threats
related to ransomware. The existing gaps in the management of
illegal access of the systems lead to threats to the security of
the systems. Therefore, the company should engage relevant
measures to ethical compliance and professionalism to handle
9. issues related to ransomware.
· Phishing attacks
Another potential threat to the system of the company is
phishing attacks. Phishing attacks normally occur with an
engaged social engineering attack with the main intention of
stealing user data (Alabdan, 2020). The main perpetrators of
phishing attacks are untrusted entities who can get access to
critical information of the company. The perpetrators normally
use login credentials to get access to the system ad does away
with important credentials. At times, such illegal intrusions are
influenced by other outsiders who collaborate with internal
employees to steal important access credentials. Storage of
important login credentials without a proper security protocol is
also another path used by the illegal intruders with prompt
engineering entering skills to have access to the system. The
company’s security structure is poorly integrated, a factor that
is seen right from the adopted applications to run the entire
system. The gap in the management of the security, especially,
with poorly integrated security policies creates a path for
potential phishing activities into the systems. For that matter,
the company should pay attention to the management of its
security system including engagement of a high level of
professionalism to handle matters related to phishing in its
systems.
· Hacking
Hacking is also another threat that would interfere with the
normal management t of the system including the stored
information within the system. Hacking is an engaged intrusion
into the systems of an organization with unauthorized users to
steal, harm, or manipulate the stored information in the target
systems (Lyócsa, Molnár, Plíhal, & Širaňová, 2020). Most of
the unauthorized access into the system or cyber intrusion
attempts are normally achieved using this mechanism. However,
the establishment of the described unauthorized access is
normally done in systems without properly integrated security
measures. The company in question is confirmed to lack
10. effective security measures for its system. Other than using
unsecured Windows, it is also evident that the company operates
the old forms of technology in establishing and implementing
its business decisions. This makes the organizational systems
and the stored information in the systems to be vulnerable to
hacking activities, a factor that would endanger the system and
its relevant resources. In essence, there is a great need for a
more secure system with the ability to prevent hacking and
other related insecure activities.
· Cracking
The status of the system of the company is also clear evidence
that it is vulnerable to cracking threats. The company’s system
is not well designed to prevent potential unauthorized intrusion
into the system. Such assumption is based on the nature of the
used resources to establish the structure of the organizational
systems. The adopted Windows from torrent sites renders the
organizational systems to potential tracking activity, a gap that
would expose the stored information within the system to
unauthorized users with ill intentions. This has an impact on the
security and vulnerability of the organizational system and
information stored in the system to threats. Therefore, the
company in question should ensure relevant measures for
ascertaining system security by adopting genuine Windows and
embracing improved professionalism in the development of its
system infrastructure and usage of the system for business
reasons.
External Threats List
The potential threats to the systems of the company can also
come from outside the organization. While some of the threats
can be natural, others are manmade. Nevertheless, the ability of
such threats to affect the systems is based on the influenced
preparation by the company to mitigate the threats or eliminate
the impacts of the threats. Examples of the external threats to
the system of the company based on the explored security gap in
the target systems include:
· Hurricanes and Earthquakes
11. Hurricanes are natural disasters that can be a threat to the
normal operation of the systems. The existence of hurricanes
can not only destroy the physical structure where physical
components of the system are located and operated but also
critical factors that determine the successful operation of the
system such as the network (Tabrizchi & Kuchaki Rafsanjani,
2020). The explored status of the company indicates that the
organization pays little attention to the security of the physical
components of its systems. This is a clear indication that the
systems of the company are vulnerable to natural threats such as
hurricanes among others.
· Fires and floods
Huge fires can be both natural and manmade. Effective
preparations for potential disasters should influence measures
for reducing the impacts of natural fires while eliminating
factors that would be responsible for manmade fires, as well as,
laying potential measures for protecting the company and its
systems from impacts of manmade fires. The inability of the
company to influence effective measures for preventing the
vulnerability of its physical assets to threats is clear evidence
that its system is vulnerable to fire threats. For that matter,
there is a need for the management system of the company to
facilitate measures aimed at protecting its physical assets from
threats.
· Professional hacking
Professional hackings are normally achieved by an individual
outside the company who uses built systems to access the
organizational information through the used network. The
company uses a privately managed network system.
Nevertheless, professionals can still hack such networks and
access critical information for personal reasons such as phishing
(Alabdan, 2020). Therefore, the company should encourage
impressive commitment to managing its network activities to
prevent insecure attempts on its systems by external hackers.
12. References
Alabdan, R. (2020). Phishing attacks survey: Types, vectors,
and technical approaches. Future Internet, 12(10), 168.
Bansal, C., Deligiannis, P., Maddila, C., & Rao, N. (2020).
Studying ransomware attacks using web search logs.
Proceedings of the 43rd International ACM SIGIR Conference
on Research and Development in Information Retrieval, 1517-
1520.
Lyócsa, Š., Molnár, P., Plíhal, T., & Širaňová, M. (2020).
Impact of macroeconomic news, regulation and hacking
exchange markets on the volatility of bitcoin. Journal of
Economic Dynamics and Control, 119, 103980.
Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on
security challenges in cloud computing: issues, threats, and
solutions. The journal of supercomputing, 76(12), 9493-9532.
Risk Assessment Summary Report (2).docx
Running head: RISK ASSESSMENT SUMMARY REPORT
13. 2
RISK ASSESSMENT SUMMARY REPORT
2
Risk Assessment Summary Report
Name
Institution
Date
Risk Assessment Summary Report
The ideal risks to the systems of the company are cyber
insecurity and the destruction of the physical infrastructure.
However, based on the engaged ranking, it is evident that the
contract company is vulnerable to cyber insecurity risks
compared to other risks caused by the already identified threats.
Therefore, it is important to explore and understand the
probable cause of cyber insecurity in the company, effective
measures for mitigating threats associated with cyber insecurity,
and the recommendations for the company as far as the security
of its system is concerned.
14. Underlying Causes of Cyber Insecurity
The establishment of a perfect solution to the issue of cyber
insecurity calls for considering the subject matter, the technical,
managerial, and administrative backgrounds. In essence, the
underlying causes of cyber insecurity can be approached on
technical, managerial, and administrative backgrounds
Managerial Causes of Cyber Insecurity
The issue of cyber insecurity can be linked to managerial
gaps undermining effective compliance to ethics and legal
assumptions related to the subject matter. Companies are
normally required to promote measures for realizing effective
and efficient use of technology. Although most companies have
relevant policies for ensuring the impressive engagement of
technology to handle business matters, limited attention has
been influenced in realizing prompt management of such
internal policies. Lack of ethical compliance in the use of the
existing internal policies for managing technology use has been
reported in most companies (Almudaires, Rahman, &
Almudaires, 2021). Other than the inability of employees to
follow the existing protocols for realizing perfect technology
use, management parties concerned also lack relevant
frameworks for ensuring accuracy in the implementation of
technology factors to conduct businesses. With such a
management gap, there has been an increase in the number of
reported cases in various legal establishments around the world.
Most of the theft of company information stored in the cloud is
influenced by internal employees even with the existing
standards of handling such matters in business environments.
Therefore, there is a significant need for an improved solution
to cyber insecurity both within the management departments in
companies and externally through other relevant mechanisms.
Technical Contributors of Cyber Insecurity
The technical contributor of cyber insecurity is based on the
influenced commitments to designing and developing the system
architecture. Relevant standards have been established to guide
developers through designing processes to ascertain top-level
15. security in the established systems. Lack of effective
compliance to such design and development standards has
contributed significantly to the existing vulnerability of systems
to potential threats of cyber insecurity (Paich, 2017). Such a
gap in the establishment of system architecture is brought about
by the lack of enough time and resources for achieving the
objectives of existing designing standards. Another factor that
also plays a big role in the existence of technical contributors to
cyber insecurity is improper demands from clients. For example,
inaccurate or fixed plans in the designing timelines have
ensured ineffectiveness in the developed systems to enhance
security. For that matter, it is proper to ensure a solution that
handles the technical component of system establishment and its
role in promoting cyber insecurity.
Administrative Contributors of Cyber Insecurity
The administrative contributors to cyber insecurity encompass
all relevant measures for ensuring efficiency and effectiveness
in the development, adoption, and use of technology to handle
both the social and economic needs of the system users.
Particularly, it is the role of the government to ensure that
technology is used effectively and legally to create a better
environment for both economic and social integration. To
achieve this, the government creates laws that are pertinent to
maintaining security, reliability, and efficiency in the adoption
and implementation of technology. Regardless of the existing
legal formalities underlying effectiveness and efficiency in the
use of technological factors, matters of cyber insecurity have
been on the rise in all global countries (Srinivas, Das, & Kumar,
2019). This is a clear indication that the existing legal measures
for promoting a fair and secure engagement of technological
factors are proving irrelevant in serving their intended purposes.
The engagement of politics in the implementation of technology
has hindered the ability of the existing legal measures to
influence the desired results in managing cyber security issues
globally. Therefore, the proposed solution to the issue of
insecurity should also look at the administrative perspective of
16. the subject matter.
Mitigation Strategies for Cyber Insecurity
One of the probable strategies for enhancing a secure system
that influences cyber security calls for the engagement of
perfect management of the existing standards for system
development. Most of the system developers hired by companies
to participate in designing and managing systems are only teams
of professionals. Companies pay little attention to matters of
compliance or qualifications to adopt system designing
standards when hiring the required teams of specialists (Paich,
2017). To handle this issue, every country in the world will be
required to have a special agency that registers all system
developers upon passing a specific test related to standards and
guidelines for system designing.
Business companies will only be required to higher
professionals who present a certificate of performance and
approval certificates related to standards and guidelines of
system development. This strategy will work to ensure a team of
professionals who are ethically and legally compliant in the
engagement of their design and development abilities. With
this, matters related to lack of compliance to cyber security
standards while developing systems will be approached with
effective technical measures. Incidences of lack of integration
of cyber security protocols in the established systems will be
reduced and eliminated to create a perfect environment for
promoting cyber security (Sabillon, Cavaller, & Cano, 2016).
Another strategy for mitigating the risk of cyber insecurity calls
for engaging business companies in encouraging compliance to
cyber security standards and guidelines for achieving the
subject matter. Concerning the explored strategies, it is a
recommendation for the company to ensure perfect research on
networking technology to eliminate the potentiality of the use of
the old technologies such as computers to hack information
through the internet.
17. References
Almudaires, F., Rahman, M. H., & Almudaires, M. (2021). An
Overview of Cybersecurity, Data Size and Cloud Computing in
light of Saudi Arabia 2030 Vision. 2021 International
Conference on Information Technology (ICIT), 268-273.
Paich, J. (2017, January 24). CMS Recommendations for
Providers and Suppliers for Cyber Security. Retrieved from
MCN Healthcare: https://www.mcnhealthcare.com/cms-
recommendations-providers-suppliers-cyber-
security/#:~:text=CMS%20encourages%20providers%20to%20c
onsider%20cyber-
security%20as%20an,cyber%20security%20protocols%20to%20
their%20policies%20and%20procedures
Sabillon, R., Cavaller, V., & Cano, J. (2016). National cyber
security strategies: global trends in cyberspace. International
Journal of Computer Science and Software Engineering, 5(5),
67.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government
regulations in cyber security: Framework, standards and
recommendations. Future Generation Computer Systems, 92,
178-188.
Prioritized Risk and Response Matrix.docx
Running head: PRIORITIZED RISK AND RESPONSE MATRIX
2
18. PRIORITIZED RISK AND RESPONSE MATRIX
2
Prioritized Risk and Response Matrix
Name
Institution
Date
Prioritized Risk and Response Matrix
The potential risks that would be realized from the impacts of
the identified threats to the systems of the company include loss
of information, damage of the stored information, destruction of
physical components of the system, cyber insecurity, theft of
information, loss of potential professionals, and manipulation of
stored information (Wu, Li, Teng, Chen, & Wang, 2020). The
probable response to the risks includes engagement of system
management policies, use of genuine applications, adopting
privately managed systems, securing the physical structure of
the system, use of the private network, and proper architecture
of the network infrastructure. The following matrix indicates
the prioritized risks and their corresponding response
19. mechanism for the target mid-sized company.
Priority
Risk
Response
1
Cyber insecurity
Use of genuine applications, adopting privately managed
systems, installation of privately managed antivirus, and proper
architecture of the network infrastructure
2
Theft of stored data
Use of genuine applications, adopting privately managed
systems, installation of privately managed antivirus, system
management policies, and proper architecture of the network
infrastructure
3
Destruction of the physical component of the systems
Securing the physical structure of the system
4
Loss of stored information
Use of genuine applications, adopting privately managed
systems, installation of privately managed antivirus, system
management policies, and proper architecture of the network
infrastructure
5
Manipulation pf stored information
Use of genuine applications, adopting privately managed
systems, installation of privately managed antivirus, system
management policies, and proper architecture of the network
infrastructure
6
Loss of potential professionals
Securing the physical structure of the system and system
management policies
20. Reference
Wu, J., Li, J., Teng, Y., Chen, H., & Wang, Y. (2020). A
partition computing-based positive matrix factorization (PC-
PMF) approach for the source apportionment of agricultural soil
heavy metal contents and associated health risks. Journal of
Hazardous Materials, 388, 121766.
Project 3: Business Continuity
Project 3: Business Continuity is a two-week project that
continues to build upon the first two projects: the Vulnerability
Assessment and the Risk Assessment. Project 3 provides the
opportunity to design and describe the implementation, testing,
and maintenance of an enterprise business continuity plan
(BCP). The final deliverable should ensure alignment with
organizational goals and objectives. Every enterprise needs a
carefully crafted road map to return to operational status in case
of a cyber event. A BCP is that map.
Start Here
Print Project
In the process of enterprise risk management, a primary element
is the business continuity plan (BCP), which consists of steps to
continue operations should a worst-case scenario event take
place. Your work on vulnerabilities, threats, and risk in the first
two projects will support this.
The BCP assignment will detail the following elements:
21. · resources required and defined stakeholder roles
· business impact analysis
· recommended preventative controls
· recovery strategies
· contingency plan that includes implementation and
maintenance guidelines and defined procedures for testing the
plan
Grades are determined on the ability to clearly articulate a
developed, effective business continuity plan that considers
relevant environmental factors and aligns with organizational
objectives.
This is the third of four sequential projects. There are 13 steps
in this project. Begin below to review your project scenario.
Scenario
You are working at your desk when your boss, CIO Maria Sosa,
stops by.
Maria says: Did you hear that we won the contract to provide
cloud-based computer services for Enrocca? This is a high-
profile contract, and working with this federal client is a big
win for us.
You respond: That's great news. I know that the compliance
requirements for working with a federal agency are pretty
substantial and include a thorough business continuity plan.
We'll need to meet or exceed the federal standards for
compliance, so we should start the process of updating our BCP
soon.
Maria nods and replies: Good point. Remember when the Poser
Soft servers were damaged by that flood last year? That caused
them to be late on their deliverables to Enrocca. We definitely
don't want something like that to happen to us.
As Maria is speaking, you remember that a friend of yours was
laid off when Poser Soft lost the Enrocca contract because of
that very incident. You assure Maria that you'll get started on
the new BCP this week.
22. Close
Competencies
Your work will be evaluated using the competencies listed
below.
· 1.4: Tailor communications to the audience.
· 2.3: Evaluate the information in a logical and organized
manner to determine its value and relevance to the problem.
· 9.1: Continuity Planning and Implementation: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objective
Artifacts to submit for this project
Top of Form
1) BCP scope
2) Business impact analysis
3) Key resources and stake holders
4) Preventive controls list
5) Viable recovery strategies
6) Contingency plan
7) Business continuity plan
NB; This I what is required for the last artifact ( Business
Continuity Plan)
Turnitin®
This assignment will be submitted to Turnitin®.
Hide RubricsRubric Name: Business Continuity Plan
Print Rubric
This table lists criteria and criteria group names in the first
column. The first row lists level names and includes scores if
the rubric uses a numeric scoring method. You can give
feedback on each criterion by tabbing to the add feedback
23. buttons in the table.Competency
1.4: Tailor communications to the audience.
2.3: Evaluate the information in a logical and organized manner
to determine its value and relevance to the problem.
9.1: Develop, implement, and maintain a business continuity
plan, ensuring alignment with organizational goals and
objectives.
Associated Learning Objectives
1.4.1: Identify target audience.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.2: Explain unfamiliar terms and material.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.3: Employ precise, appropriate language.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
24. 1.4.4: Use audience-appropriate, consistent tone.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
1.4.5: Avoid language which indicates bias against
individuals/groups their affiliations, orientations and beliefs.
Assessment Method: Score on Criteria - 1.4: Tailor
communications to the audience.
Required Performance: Meets Performance Requirements
2.3.1: Evaluate reliability, validity, accuracy, authority,
timeliness, and point of view.
Assessment Method: Score on Criteria - 2.3: Evaluate the
information in a logical and organized manner to determine its
value and relevance to the problem.
Required Performance: Meets Performance Requirements
2.3.2: Evaluate the structure and logic of arguments and
methods.
25. Assessment Method: Score on Criteria - 2.3: Evaluate the
information in a logical and organized manner to determine its
value and relevance to the problem.
Required Performance: Meets Performance Requirements
2.3.3: Select and incorporate information that provides evidence
for the topic
Assessment Method: Score on Criteria - 2.3: Evaluate the
information in a logical and organized manner to determine its
value and relevance to the problem.
Required Performance: Meets Performance Requirements
9.1.1: Define the scope of the enterprise continuity of
operations program (COOP) to address business continuity,
business recovery, contingency planning, disaster recovery, and
related activities.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.2: Identify the resources and roles of different stakeholders
in business continuity programs.
Assessment Method: Score on Criteria - 9.1: Develop,
26. implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.3: Conduct a business impact analysis (BIA).
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.4: Recommend preventive controls that are aligned with
organizational goals and strategies.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
9.1.5: Develop recovery strategies.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
27. 9.1.6: Create a contingency plan that includes implementation
and maintenance.
Assessment Method: Score on Criteria - 9.1: Develop,
implement, and maintain a business continuity plan, ensuring
alignment with organizational goals and objectives.
Required Performance: Meets Performance Requirements
Bottom of Form