[ISN] REVIEW: "Disaster Recovery Planning", Jon Toigo

From: InfoSec News (isnat_private)
Date: Mon Jan 20 2003 - 22:56:14 PST

  • Next message: InfoSec News: "[ISN] Local woman missing"

    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    
    BKDRPCCR.RVW   20021123
    
    "Disaster Recovery Planning", Jon Toigo, 1996, 0-471-12175-4
    %A   Jon Toigo
    %C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
    %D   1996
    %G   0-471-12175-4
    %I   John Wiley & Sons, Inc.
    %O   416-236-4433 fax: 416-236-4448
    %O  http://www.amazon.com/exec/obidos/ASIN/0471121754/robsladesinterne
    %P   329 p. + disk
    %T   "Disaster Recovery Planning: For Computers and Communication
          Resources"
    
    The purpose of the book is stated to be a modular reference for
    professionals.  In that regard, it succeeds, with a realistic
    approach, and helpful tools for the planner.
    
    Chapter one is a general introduction, with a sensible look at what
    disaster recovery planning (DRP) can do, and a useful section listing
    extra benefits of such a plan, which can be helpful in selling the
    idea to senior management.  An overview of the planning project is
    given in chapter two, including an information flow diagram.  The
    discussion stresses similarities and differences between disaster
    recovery planning and other types of projects.  Each chapter from this
    point on ends with a summary of important concepts and a checklist of
    basic points for the project, and most contain a number of forms of
    benefit in gathering and analyzing information.  A very detailed
    description of the preliminary steps for project initiation is
    provided in chapter three.  Some of the material, such as sources of
    risk information, is US-centric, and the book is, understandably, not
    current with the latest types of risk analysis software.  The itemized
    data collection forms in chapter four are very good, but limited
    attention is paid to a number of important "social" and political
    issues.  Mention is made of the need for management buy-in, but the
    forms still ask dangerous questions, such as how many staff the
    manager can do without.  Chapter five deals with risk analysis, and,
    while there is not much more information on the process than is
    contained in most such texts, there is a good analysis of the
    weaknesses of common approaches.  Disaster prevention for facilities
    and infrastructures, in chapter six, has varying levels of detail, but
    it is generally superior to other works.  Off-site storage
    considerations are discussed in chapter seven.  Chapters eight and
    nine review systems and network recovery, and, while there is a good
    overview, the content is not up to the standard of previous material. 
    End-user recovery, in chapter ten, looks at necessary facilities,
    supplies and services for personnel, an often overlooked requirement.
    
    Chapter eleven covers the presentation of the plan to management, and
    consists primarily of a checklist of items to include.  Plan
    development, in chapter twelve, concentrates on the creation of
    detailed procedures and documentation, and possibly should have been
    included in some of the prior chapters.  There is a vague and terse
    look at training in chapter thirteen.  Chapter fourteen does a better
    job of considering testing, but is not necessarily than other works.
    
    It is disappointing that the good start to the book does not carry
    through to equal quality in the later chapters.  However, despite gaps
    and some weaknesses, overall this book is possibly the best I have
    found on the disaster recovery and business continuity topics.
    
    copyright Robert M. Slade, 2002   BKDRPCCR.RVW   20021123
    
    -- 
    ======================
    rsladeat_private  rsladeat_private  sladeat_private p1at_private
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
        February 10, 2003   February 14, 2003   St. Louis, MO
        March 31, 2003      April 4, 2003       Indianapolis, IN
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Jan 21 2003 - 03:08:03 PST