[ISN] REVIEW: "The Definitive Handbook of Business Continuity Planning", Andrew Hiles/Peter Barnes

From: InfoSec News (isnat_private)
Date: Tue Dec 24 2002 - 02:35:17 PST


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    BKDHOBCP.RVW   20020923
    
    "The Definitive Handbook of Business Continuity Planning", Andrew
    Hiles/Peter Barnes, 1999, 0-471-48559-4, C$90.00
    %E   Andrew Hiles
    %E   Peter Barnes
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   1999
    %G   0-471-48559-4
    %I   John Wiley & Sons, Inc.
    %O   C$90.00 416-236-4433 fax: 416-236-4448
    %O  http://www.amazon.com/exec/obidos/ASIN/0471485594/robsladesinterne
    %P   391 p.
    %T   "The Definitive Handbook of Business Continuity Planning"
    
    The first two pages of the foreword are a promotional piece for the
    Survive organization which, incidentally, employs both authors.  The
    foreword also states that the authors expect this to be "the most
    authoritative work on business continuity planning (BCP) yet
    produced."
    
    Section one is an executive overview. Chapter one states that
    disasters do happen and can affect business.  While not always clearly
    focused, chapter two's outline of a business continuity strategy is
    generally good.  Vague thoughts on a slightly more generic BCP, under
    a different name, make up the review of crisis management in chapter
    three.  Chapter four defines multilateral continuity planning as
    involving interrelated companies, vendors, customers, and so forth.  A
    disaster can result in bad publicity, we are told in chapter five. 
    Chapter six is a partial list of threats.
    
    Section two is supposed to be a how-to guide for planning business
    continuity.  Chapter seven presents a basic but reasonable outline of
    the BCP methodology.  The usual advice for project initiation and
    management is provided in chapter eight.  Risk evaluation and
    management, in chapter nine, is very vague, although part two is
    better than part one.  There are gaps in details and tenuous
    conceptual presentations of business impact analysis in chapter ten.
    
    Chapter eleven talks about BCP, but in respect to specific work areas
    or business units.  Manufacturing BCP is handled in chapter twelve,
    although not much is different.  The same is true for communications--
    basically, chapter thirteen's advice boils down to having alternative
    sources.
    
    Chapter fourteen looks at emergency response, planning for the
    earliest and shortest part of the event.  Then there is a repeat of
    much of the earlier information, under the heading of developing the
    plan, in chapter fifteen.  Chapter sixteen is supposed to be about
    using auditing, training and testing to drive awareness, but is mostly
    just about auditing, training, and testing.  Maintaining the BCP, in
    chapter seventeen, is mostly about testing.  Chapter eighteen, on
    selecting BCP tools, gives a listing of tool types, and a number of
    questions to ask about the tools that are mostly irrelevant for any
    specific tool.  Coping with people in recovery, in chapter nineteen,
    deals with the psychological trauma that people experience in
    emergencies.  The material is not particularly useful, but it is nice
    to see the topic addressed.  Chapter twenty closes off with a
    promotion of the idea of business continuity planning.
    
    Appendix A is a set of "case studies."  These are mostly stories of
    disasters, without an awful lot of detail or analysis.
    
    The material is a reasonable overview of the BCP process, but nothing
    is particularly helpful or useful.
    
    copyright Robert M. Slade, 2002   BKDHOBCP.RVW   20020923
    
    -- 
    ======================
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        February 10, 2003   February 14, 2003   St. Louis, MO
        March 31, 2003      April 4, 2003       Indianapolis, IN
    
    
    
    