[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] REVIEW: "The Definitive Handbook of Business Continuity Planning", Andrew Hiles/Peter Barnes
Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade@xxxxxxxxx>
"The Definitive Handbook of Business Continuity Planning", Andrew
Hiles/Peter Barnes, 1999, 0-471-48559-4, C$90.00
%E Andrew Hiles
%E Peter Barnes
%C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%I John Wiley & Sons, Inc.
%O C$90.00 416-236-4433 fax: 416-236-4448
%P 391 p.
%T "The Definitive Handbook of Business Continuity Planning"
The first two pages of the foreword are a promotional piece for the
Survive organization which, incidentally, employs both authors. The
foreword also states that the authors expect this to be "the most
authoritative work on business continuity planning (BCP) yet
Section one is an executive overview. Chapter one states that
disasters do happen and can affect business. While not always clearly
focused, chapter two's outline of a business continuity strategy is
generally good. Vague thoughts on a slightly more generic BCP, under
a different name, make up the review of crisis management in chapter
three. Chapter four defines multilateral continuity planning as
involving interrelated companies, vendors, customers, and so forth. A
disaster can result in bad publicity, we are told in chapter five.
Chapter six is a partial list of threats.
Section two is supposed to be a how-to guide for planning business
continuity. Chapter seven presents a basic but reasonable outline of
the BCP methodology. The usual advice for project initiation and
management is provided in chapter eight. Risk evaluation and
management, in chapter nine, is very vague, although part two is
better than part one. There are gaps in details and tenuous
conceptual presentations of business impact analysis in chapter ten.
Chapter eleven talks about BCP, but in respect to specific work areas
or business units. Manufacturing BCP is handled in chapter twelve,
although not much is different. The same is true for communications--
basically, chapter thirteen's advice boils down to having alternative
Chapter fourteen looks at emergency response, planning for the
earliest and shortest part of the event. Then there is a repeat of
much of the earlier information, under the heading of developing the
plan, in chapter fifteen. Chapter sixteen is supposed to be about
using auditing, training and testing to drive awareness, but is mostly
just about auditing, training, and testing. Maintaining the BCP, in
chapter seventeen, is mostly about testing. Chapter eighteen, on
selecting BCP tools, gives a listing of tool types, and a number of
questions to ask about the tools that are mostly irrelevant for any
specific tool. Coping with people in recovery, in chapter nineteen,
deals with the psychological trauma that people experience in
emergencies. The material is not particularly useful, but it is nice
to see the topic addressed. Chapter twenty closes off with a
promotion of the idea of business continuity planning.
Appendix A is a set of "case studies." These are mostly stories of
disasters, without an awful lot of detail or analysis.
The material is a reasonable overview of the BCP process, but nothing
is particularly helpful or useful.
copyright Robert M. Slade, 2002 BKDHOBCP.RVW 20020923
rslade@xxxxxxxxx rslade@xxxxxxxxx slade@xxxxxxxxxxxxxx p1@xxxxxxxxxx
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
February 10, 2003 February 14, 2003 St. Louis, MO
March 31, 2003 April 4, 2003 Indianapolis, IN
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@xxxxxxxxxxxxx with 'unsubscribe isn'
in the BODY of the mail.