[ISN] REVIEW: "A Guide to Business Continuity Planning", James C. Barnes

From: InfoSec News (isnat_private)
Date: Thu Nov 21 2002 - 07:17:28 PST

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKAGTBCP.RVW   20020922
    [ http://www.amazon.com/exec/obidos/ASIN/0471530158/c4iorg  - WK]
    "A Guide to Business Continuity Planning", James C. Barnes, 2001,
    0-471-53015-8, U$35.00

    %A   James C. Barnes
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   2001
    %G   0-471-53015-8
    %I   John Wiley & Sons, Inc.
    %O   U$35.00 416-236-4433 fax: 416-236-4448
    %P   174 p.
    %T   "A Guide to Business Continuity Planning"

    Chapter one is an introduction, and also introduces us to a
    characteristic of the book: enormous tables with little apparent
    purpose.  Table 1.1 is a list, by country, of regulatory agencies that
    may have something to require from you in the way of business
    continuity planning (BCP).  The table is stated to be for motivational
    use, but does point out some BCP ideas or policies.  There is also a
    rather innocent sounding mention that the book is written from the
    perspective of a consultant: this fact is more significant than the
    reader may realize.  For project foundation, chapter two does not give
    the usual advice to get management onside and build a broadly based
    team, but concentrates on costing, expanding, and selling consulting
    services.  (There are confusing areas: having presented one
    questionnaire, the text tells you to use results from "the two.")  Some
    items (such as the advice to use a month's worth of invoices to
    estimate rate of consumption of supplies) are helpful, but a lot of
    space seems to be wasted (on things like pages of fake employee and
    customer data--and a month's worth of supply invoices).  The list of
    threats, consequences, and preventive measures is more than usually
    detailed (and listed twice), in chapter three, but the discussion of
    business impact analysis (BIA) itself is *extremely* terse.  Chapter
    four's initial material on strategy selection is quite confused.  The
    example RFP (Request For Proposal) for business continuity services
    does have some good points, but the pages of lists of specific PCs to
    be provided seem pointless.  Later details are brief, but reasonable. 
    Plan development, in chapter five, assumes multiple teams and, again,
    has some good points (the provision for leadership succession), but
    the lists become too specific in many places (does the top level
    emergency management team really all need to do CPR?)  There is almost
    no general discussion of testing and maintenance in chapter six.

    The book is not necessarily wrong, but only has enough real material
    for a good magazine article.

    copyright Robert M. Slade, 2002   BKAGTBCP.RVW   20020922
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/