Information Security News mailing list archives

REVIEW: "A Guide to Business Continuity Planning", James C. Barnes


From: InfoSec News <isn () c4i org>
Date: Thu, 21 Nov 2002 09:17:28 -0600 (CST)

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKAGTBCP.RVW   20020922

[ http://www.amazon.com/exec/obidos/ASIN/0471530158/c4iorg  - WK]

"A Guide to Business Continuity Planning", James C. Barnes, 2001,
0-471-53015-8, U$35.00
%A   James C. Barnes
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   2001
%G   0-471-53015-8
%I   John Wiley & Sons, Inc.
%O   U$35.00 416-236-4433 fax: 416-236-4448
%P   174 p.
%T   "A Guide to Business Continuity Planning"

Chapter one is an introduction, and also introduces us to a
characteristic of the book: enormous tables with little apparent
purpose.  Table 1.1 is a list, by country, of regulatory agencies that
may have something to require from you in the way of business
continuity planning (BCP).  The table is stated to be for motivational
use, but does point out some BCP ideas or policies.  There is also a
rather innocent sounding mention that the book is written from the
perspective of a consultant: this fact is more significant than the
reader may realize.  For project foundation, chapter two does not give
the usual advice to get management onside and build a broadly based
team, but concentrates on costing, expanding, and selling consulting
services.  (There are confusing areas: having presented one
questionnaire, the text tells you to use results from "the two.")  Some
items (such as the advice to use a month's worth of invoices to
estimate rate of consumption of supplies) are helpful, but a lot of
space seems to be wasted (on things like pages of fake employee and
customer data--and a month's worth of supply invoices).  The list of
threats, consequences, and preventive measures is more than usually
detailed (and listed twice), in chapter three, but the discussion of
business impact analysis (BIA) itself is *extremely* terse.  Chapter
four's initial material on strategy selection is quite confused.  The
example RFP (Request For Proposal) for business continuity services
does have some good points, but the pages of lists of specific PCs to
be provided seem pointless.  Later details are brief, but reasonable. 
Plan development, in chapter five, assumes multiple teams and, again,
has some good points (the provision for leadership succession), but
the lists become too specific in many places (does the top level
emergency management team really all need to do CPR?)  There is almost
no general discussion of testing and maintenance in chapter six.

The book is not necessarily wrong, but only has enough real material
for a good magazine article.

copyright Robert M. Slade, 2002   BKAGTBCP.RVW   20020922

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    November 25, 2002   November 29, 2002   Toronto, ON, Canada
    December 16, 2002   December 20, 2002   San Francisco, CA
    February 10, 2003   February 14, 2003   St. Louis, MO



-
ISN is currently hosted by Attrition.org
