REVIEW: "Disaster Recovery Planning", Jon Toigo

[InfoSec News <isn () c4i org>]

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>

BKDRPCCR.RVW   20021123

"Disaster Recovery Planning", Jon Toigo, 1996, 0-471-12175-4
%A   Jon Toigo
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON   M9B 6H8
%D   1996
%G   0-471-12175-4
%I   John Wiley & Sons, Inc.
%O   416-236-4433 fax: 416-236-4448
%O  http://www.amazon.com/exec/obidos/ASIN/0471121754/robsladesinterne
%P   329 p. + disk
%T   "Disaster Recovery Planning: For Computers and Communication
      Resources"

The purpose of the book is stated to be a modular reference for
professionals.  In that regard, it succeeds, with a realistic
approach, and helpful tools for the planner.

Chapter one is a general introduction, with a sensible look at what
disaster recovery planning (DRP) can do, and a useful section listing
extra benefits of such a plan, which can be helpful in selling the
idea to senior management.  An overview of the planning project is
given in chapter two, including an information flow diagram.  The
discussion stresses similarities and differences between disaster
recovery planning and other types of projects.  Each chapter from this
point on ends with a summary of important concepts and a checklist of
basic points for the project, and most contain a number of forms of
benefit in gathering and analyzing information.  A very detailed
description of the preliminary steps for project initiation is
provided in chapter three.  Some of the material, such as sources of
risk information, is US-centric, and the book is, understandably, not
current with the latest types of risk analysis software.  The itemized
data collection forms in chapter four are very good, but limited
attention is paid to a number of important "social" and political
issues.  Mention is made of the need for management buy-in, but the
forms still ask dangerous questions, such as how many staff the
manager can do without.  Chapter five deals with risk analysis, and,
while there is not much more information on the process than is
contained in most such texts, there is a good analysis of the
weaknesses of common approaches.  Disaster prevention for facilities
and infrastructures, in chapter six, has varying levels of detail, but
it is generally superior to other works.  Off-site storage
considerations are discussed in chapter seven.  Chapters eight and
nine review systems and network recovery, and, while there is a good
overview, the content is not up to the standard of previous material. 
End-user recovery, in chapter ten, looks at necessary facilities,
supplies and services for personnel, an often overlooked requirement.

Chapter eleven covers the presentation of the plan to management, and
consists primarily of a checklist of items to include.  Plan
development, in chapter twelve, concentrates on the creation of
detailed procedures and documentation, and possibly should have been
included in some of the prior chapters.  There is a vague and terse
look at training in chapter thirteen.  Chapter fourteen does a better
job of considering testing, but is not necessarily than other works.

It is disappointing that the good start to the book does not carry
through to equal quality in the later chapters.  However, despite gaps
and some weaknesses, overall this book is possibly the best I have
found on the disaster recovery and business continuity topics.

copyright Robert M. Slade, 2002   BKDRPCCR.RVW   20021123

-- 
======================
rslade () vcn bc ca  rslade () sprint ca  slade () victoria tc ca p1 () canada com
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
    February 10, 2003   February 14, 2003   St. Louis, MO
    March 31, 2003      April 4, 2003       Indianapolis, IN



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.