CGS 2811 - Incident Response & Disaster Recovery

College of Computer & Information Technology

Credit(s): 3
Contact Hours: 47
Effective Term Spring 2026 (660)

Requisites

Prerequisite CTS 1120 with a minimum grade of C

Course Description

This course is designed to provide the student with an understanding of the concepts and practices of contingency operations, including the administration of the planning process for incident response, disaster recovery, and business continuity planning. Topics include organizational readiness planning, the phases of incident response, different contingency strategies, and tasks related to the preparation, implementation, operations, and maintenance of disaster recovery and business continuity.

Learning Outcomes and Objectives

  1. The student will demonstrate an understanding of basic components of contingency planning to ensure organizational readiness by:
    1. defining and explaining the basic concepts of information security and risk management.
    2. identifying and defining the components of contingency planning.
    3. examining the role of information security policy in the development of contingency plans.
    4. identifying the elements needed to begin the contingency planning process.
    5. creating an effective contingency planning policy.
    6. developing the steps needed to create and maintain a budget for enabling the contingency planning process.
  2. The student will demonstrate an understanding of how to prepare and organize the incident response process by:
    1. identifying the process used to organize the incident response process.
    2. exploring how policy affects the incident response planning process and how policy can be implemented to support incident response practices.
    3. describing the techniques that can be employed when forming a security incident response team (SIRT).
    4. discussing the skills and components required to devise an incident response plan.
    5. identifying some of the concerns and trade-offs to be managed when assembling the final incident response (IR) plan.
  3. The student will demonstrate an understanding of incident detection and reaction by:
    1. evaluating the elements necessary to detect incidents that pose risk to the organization.
    2. listing the components of an intrusion detection system.
    3. exploring the processes used in making decisions surrounding incident detection and escalation.
    4. identifying the elements of an incident recovery response, as well as the impact of selecting a reaction strategy, developing a notification mechanism, and creating escalation guidelines.
    5. examining how an organization plans for and executes the recovery process when an incident occurs.
  4. The student will demonstrate an understanding of the recovery and maintenance phases of the incident response process by:
    1. exploring the relationships between the overall use of contingency planning and the subordinate elements of incident response, business resumption, disaster recovery and business continuity planning.
    2. becoming familiar with the techniques used for data and application backup and recovery.
    3. identifying the strategies employed for resumption of critical business processes at alternate and recovered sites.
    4. listing the steps involved in the ongoing maintenance of the incident response plan.
    5. exploring the processes used to collect and manage data in an electronic environment.
  5. The student will demonstrate an understanding of the key concepts of disaster recovery by:
    1. classifying different disaster types, both by speed of onset and source of the threat.
    2. describing who should form the membership of the disaster recovery team.
    3. identifying the key functions of the disaster plan.
    4. explaining the key concepts included in the National Institute of Standards and Technology (NIST) approach to technical contingency planning.
    5. describing the elements of a sample disaster recovery plan.
    6. recognizing the need for simultaneous wide access to the planning documents as well as the need for securing the sensitive content of the disaster recovery plans.
  6. The student will demonstrate an understanding of the key challenges an organization faces when engaged in disaster recovery operations by:
    1. describing the actions required to prepare for the activation of the disaster recovery plan.
    2. recognizing the critical elements that compose the response phase of the disaster recovery plan.
    3. examining what occurs in the recovery phase of the disaster recovery plan.
    4. describing how an organization uses the resumption phase of the disaster recovery plan.
    5. exploring how an organization resumes normal operations using the restoration phase of the disaster recovery plan.
  7. The student will demonstrate an understanding of how to prepare, implement and maintain a business continuity plan by:
    1. identifying the elements of business continuity.
    2. recognizing who should be included in the business continuity team.
    3. describing the methodology used to construct the business continuity policy.
    4. describing several tips useful for creating effective business continuity plans.
    5. recognizing and referencing two sample business continuity plans.
    6. discussing the details of how a business continuity plan implementation unfolds.
    7. describing the steps taken to maintain the business continuity plan.

Criteria Performance Standard

Upon successful completion of the course the student will, with a minimum of 70% accuracy, demonstrate mastery of each of the above stated objectives through classroom measures developed by individual course instructors.

History of Changes

Eff 20071(0385). (Submitted as CIS23XX; State approved as CGS2811). *Prereq # chg by SCNS effective 20091(0415).* Online 20092(0420). C&I Approval: 09/11/2007, BOT Approval: 10/16/2007, Effective Term: Spring 2010 (420).
C&I Approval: , BOT Approval: , Effective Term: Spring 2026 (660)

Related Programs

  1. Cybersecurity (CYSEC-TR) (670) (Active)
  2. Cybersecurity (CYSEC-BAS) (610) (Active)
  3. Cybersecurity (ITSC-AS) (640) (Active)
  4. Cybersecurity (ITSC-CT) (510) (Active)
  5. Financial Technology Specialist (FINTECH-CT) (660) (Active)
  6. Financial Technology Specialist (FINTECH-CT) () (Draft)
  7. Technology Development & Management (TMGT-TR) (670) (Active)