REVIEW: "The Definitive Handbook of Business Continuity Planning", Andrew Hiles/Peter Barnes

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKDHOBCP.RVW   20020923

"The Definitive Handbook of Business Continuity Planning", Andrew
Hiles/Peter Barnes, 1999, 0-471-48559-4, C$90.00
%E   Andrew Hiles
%E   Peter Barnes
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1999
%G   0-471-48559-4
%I   John Wiley & Sons, Inc.
%O   C$90.00 416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471485594/robsladesinterne
%P   391 p.
%T   "The Definitive Handbook of Business Continuity Planning"

The first two pages of the foreword are a promotional piece for the
Survive organization which, incidentally, employs both authors.  The
foreword also states that the authors expect this to be "the most
authoritative work on business continuity planning (BCP) yet
produced."

Section one is an executive overview. Chapter one states that
disasters do happen and can affect business.  While not always clearly
focused, chapter two's outline of a business continuity strategy is
generally good.  Vague thoughts on a slightly more generic BCP, under
a different name, make up the review of crisis management in chapter
three.  Chapter four defines multilateral continuity planning as
involving interrelated companies, vendors, customers, and so forth.  A
disaster can result in bad publicity, we are told in chapter five. 
Chapter six is a partial list of threats.

Section two is supposed to be a how-to guide for planning business
continuity.  Chapter seven presents a basic but reasonable outline of
the BCP methodology.  The usual advice for project initiation and
management is provided in chapter eight.  Risk evaluation and
management, in chapter nine, is very vague, although part two is
better than part one.  There are gaps in details and tenuous
conceptual presentations of business impact analysis in chapter ten.

Chapter eleven talks about BCP, but in respect to specific work areas
or business units.  Manufacturing BCP is handled in chapter twelve,
although not much is different.  The same is true for communications--
basically, chapter thirteen's advice boils down to having alternative
sources.

Chapter fourteen looks at emergency response, planning for the
earliest and shortest part of the event.  Then there is a repeat of
much of the earlier information, under the heading of developing the
plan, in chapter fifteen.  Chapter sixteen is supposed to be about
using auditing, training and testing to drive awareness, but is mostly
just about auditing, training, and testing.  Maintaining the BCP, in
chapter seventeen, is mostly about testing.  Chapter eighteen, on
selecting BCP tools, gives a listing of tool types, and a number of
questions to ask about the tools that are mostly irrelevant for any
specific tool.  Coping with people in recovery, in chapter nineteen,
deals with the psychological trauma that people experience in
emergencies.  The material is not particularly useful, but it is nice
to see the topic addressed.  Chapter twenty closes off with a
promotion of the idea of business continuity planning.

Appendix A is a set of "case studies."  These are mostly stories of
disasters, without an awful lot of detail or analysis.

The material is a reasonable overview of the BCP process, but nothing
is particularly helpful or useful.

copyright Robert M. Slade, 2002   BKDHOBCP.RVW   20020923

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.