APPROVED

MACS H6013: Business Continuity Management

Module Details
Module Code: MACS H6013
Module Long Title: Business Continuity Management APPROVED
Banner Title:
Version: 1
Indicative NFQ level: Level 9
Valid From: Semester 1 - 2015/16 ( September 2015 )
Language of Instruction: English

ECTS Credits:: 10

ISCED Code: 0612 - Database and network design and administration

Module Type
No Module study modes listed

Current Coordinator:: Tania Malik

Module Coordinators:
Christina Thorpe ( 01 September 2015 to 15 May 2023 )
Tania Malik ( 15 May 2023 to --- )

School Responsible: Blanchardstown Campus (BL)

Campus: Blanchardstown

Module Overview The purpose of this module is twofold: Firstly, to help the students to acquire an extremely thorough understanding of a globally recognised
methodology for implementation and maintenance of Business Continuity Management (BCM) programs. On completion of the course, students
should have acquired the skills and understanding to be able to participate in BCM programs and BC projects for an organisation. This module will
introduce the essential steps of developing BC and Disaster Recovery (DR) strategies, design and implementation of BC plans, preparing and
conducting awareness and training programmes. Students will acquire the essential skills and knowledge of project management, risk analysis and
review, Business Impact Analysis (BIA), recovery strategy, plan development, and testing and exercising. Secondly, given the significant penetration of
Cloud computing in recent years, this module will help the students gain an awareness of the security threats and best practices for securing the
Cloud. The concept of Cloud computing continues to evolve, this module provides students with the latest information on new areas of focus in the
changing Cloud security landscape. Amazon AWS will be used as a case study to demonstrate the important role the Cloud will have in the future of
business continuity and disaster recovery. For example, students will investigate how S3 and Glacier can be used as backup solutions.

Indicative Syllabus
1. Introduction
1.1) Introduction to business continuity and disaster recovery in IT environments. Scanning the risk horizon to investigate the changing nature and impact of risk and how it impacts on business
continuity.
2. Understanding the Standards
2.1) Why standards are necessary. A historical view and the evolution of the standards. Examining the key standards in the area of business continuity and disaster recovery. Comparing the
various standards. Considerations when using standards.
3. Risk Evaluation and Control
3.1) Understanding risk. The risk assessment process. Options for risk management. Risk identification and measurement. Risk standards. A detailed look at risk assessment in different
industries, e.g., Health and safety, finance, health care, etc. Critical component failure analysis. Operational risk management. Output approach to risk. Site and security risk areas. Suppliers
risk areas.
4. Business Impact Analysis
4.1) Why and how to conduct a BIA. Data collection methods. Critical Success factors. Key performance indicators. SLAs. Desk review of documentation. Questionnaires. Interviews.
Workshops. Impact matrix. RTO and RPO.
5. Developing Continuity Strategies
5.1) Why it is necessary. Options: backups, alternative sites, quick resupply, offsite storage, buying in or outsourcing. Option comparison. ICT recovery strategies: continuous processing,
virtualisation, Cloud. Contractual arrangements.
6. Emergency Response and Operations
6.1) Define 'Emergency Response’. Incident management. Emergency services. Public authorities. Roles. Combined response. Salvage and restoration. Public relations and crisis
communication.
7. Developing and Implementing the Plan
7.1) Defining the scope. Developing the plan. Procedure driven planning. Decision driven planning. Planning considerations. BC terms. Tasks actions and functions. Roles and responsibilities.
Alternative locations. Contact details. Vital documents and materials. Resource requirements. Reporting process. Audit trail. Software tools and formats.
8. Auditing, Maintaining, and Exercising the Plan
8.1) Plan audit. Difference between testing and exercising. Why exercises are necessary. Exercise strategy and methods. Reporting. Plan review and maintenance. Tools.
9. BCDR in the Cloud
9.1) Case study of AWS to demonstrate the important role the Cloud will play in the future of BCDR. Practical exercises with S3 and Glacier for backup. Investigate AWS Elastic Block Store for
creating snapshots of data volumes. AWS import/export for rapid migration of large data sets into and out of the Cloud. AWS storage gateway.
10. Cloud Architecture
10.1) Definition of Cloud Computing (Essential Characteristics, Cloud Service Models, Cloud Deployment Models), Multi-Tenancy, CSA Cloud Reference Model, Jericho Cloud Cube Model,
Cloud Security Reference Model, Cloud Service Brokers, Service Level Agreements
11. Legal Issues: Contracts and Electronic Discovery
11.1) Consideration of cloud-related issues in three dimensions, eDiscovery considerations, Jurisdictions and data locations, Liability for activities of subcontractors, Due diligence responsibility,
Federal Rules of Civil Procedure and electronically stored information.
12. The Future of BCM
12.1) Research the current state of the art in BCM and Cloud and propose a likely direction or trend that may be seen in the near future. Take a deep dive into a selection of recently published
papers to aid discussion.

Page 1 of 6
 Learning Outcomes
Upon successful completion of this module the learner will be able to
#
MLO1 Identify and appraise the risks and their potential impact using appropriate data gathering methods.
MLO2 Evaluate the benefits of BCM and construct an argument for implementing BCM in an organisation i.e., to obtain 'Executive Buy-in'.
MLO3 Analyse a business and develop efficient plans for business continuity and disaster recovery to meet business needs.
MLO4 Design and implement strategies and systems for protecting critical information assets in the Cloud.

Requisites
Requisite Type Module Title Type
No requisites exist.

Page 2 of 6
 Module Content & Assessment
Assessment Breakdown %
Other Assessment(s) 100.00%

Assessments
No Formal Examination

Other Assessment(s)
Assessment Type Presentation % of Total Mark for Module 30
Indicative Week Week 5 Learning Outcomes 2
Semester Not Yet Determined Assessment Threshold:
Assessment Role Assessment Authenticity
Pass/Fail No
Assessment Description
Preplanning Activities: Give a 10min presentation to the executive management committee to convince them to invest in BCM. Conduct a Business Impact Analysis and present the results.

Assessment Type Project % of Total Mark for Module 35

Indicative Week Week 9 Learning Outcomes 1,3
Semester Not Yet Determined Assessment Threshold:
Assessment Role Assessment Authenticity
Pass/Fail No
Assessment Description
Business Continuity & Disaster Recovery Plan and Presentation.

Assessment Type Project % of Total Mark for Module 35

Indicative Week Week 14 Learning Outcomes 4
Semester Not Yet Determined Assessment Threshold:
Assessment Role Assessment Authenticity
Pass/Fail No
Assessment Description
Develop and secure a Cloud application.

Reassessment Requirement
No repeat examination
Reassessment of this module will be offered solely on the basis of coursework and a repeat examination will not be offered.

Page 3 of 6
 Module Activity
Full Time hours per semester
Activity Type Duration (Hours)
Lecture 30
Studio 30
Self Directed 140
Hours (up to 100 for 5 ECTS credits) 200.00

Page 4 of 6
 Recommended Reading List
Recommended Book Resources

Andrew N. Hiles (Author), Kristen Noakes-Fry (Editor). (2014), Business Continuity Management: Global Best Practices, 4th.
j Samani (Author), Jim Reavis (Contributor), Brian Honan (Contributor). (2014), CSA Guide to Cloud Computing: Implementing Cloud Privacy and Security.

This module does not have any journal article/paper resources

Other Resources

Internet based resource, Disaster recovery 1,

http://www.disaster-recovery-guide.com/
Internet based resource, Disaster recovery 2,
http://en.wikipedia.org/wiki/Seven_tiers _of_disaster_recovery
Whitepaper, AWS. (2014), AWS Disaster Recovery, Amazon,
http://media.amazonwebservices.com/AWS_D isaster_Recovery.pdf

Page 5 of 6
 Review

Module Extra Information

Editor(s)
Editor
Daniel McSweeney
Christina Thorpe

Affiliated Programmes
Programme Code Programme Title Programme Version
TU252M Master of Science in Computing in Applied Cyber Security 1
(Research)
TU252M Master of Science in Computing in Applied Cyber Security 2
(Research)
TU252R Master of Science in Computing in Applied Cyber Security 2
TU252X Postgraduate Diploma in Computing in Cybersecurity 1

Status Log
No Status Log Information

Page 6 of 6