The Binomial Bookstore

THE DEFINITIVE GUIDE TO BUSINESS RESUMPTION PLANNING
by Leo A. Wrobel

A network-centric reference for designing, building, implementing, and
managing a top-notch business resumption plan

“Using easy-to-understand language and helpful illustrations, this book
explains the three essential system components - data access, phones, and
attendant positions - and discusses the major issues surrounding business
resumption planning. You'll get up-to-speed quickly, learning how to develop a
meaningful plan and then build consensus to make the plan successful.
Specifically, you'll acquire the hands-on knowledge you need to:
- Determine what and how departments can learn from one another
- Identify "mission critical" systems, prepare a detailed loss analysis, and
document an executive "white paper" outlining risks and assuring executive
support
- Determine where your enabling technology is vulnerable and decide what
to do about it
- Learn "can't miss" methods on funding your disaster recovery plan.

“The book updates and expands upon two earlier books by Mr. Wrobel: Disaster
Recovery Planning for Telecommunications and Writing Disaster Recovery Plans
for Telecommunications Networks and LANs.”

========================================

From Book News, Inc.:

“Shows how to recover from information systems disasters, emphasizing
cooperation and integration among departments and the development of a
company-wide technology standards document incorporating LAN, data
communications, and telecommunications standards. Contains chapters on
impact analysis and reporting findings, developing operating and security
standards, and securing telecommunications systems. Includes a sample
document, and appendices of sample interview questions, questionnaires, and
checklists, plus contacts for computer recovery companies and recovery planning
tools. For small and large businesses.”

========================================

CONTENTS

PREFACE
ACKNOWLEDGMENTS
CHAPTER 1 COMMON EXPOSURES (AND MISTAKES) IN
RECOVERY PLANNING
1.1 No Plan for the LAN?
1.2 No Plans for Voice Communications
1.3 Data Communications (Access to Data)
1.4 Attendant Positions: Where to Put People
1.5 The "Lone Ranger"
1.6 Lack of Adequate Documentation
1.7 Lack of LAN and Telecommunications Standards
1.8 Lack of Recovery Plan Updates
1.9 Lack of Interdepartmental Coordination
1.10 Recruiting From Other Departments?
1.11 Summary

CHAPTER 2 SIZING THE PROJECT AND DEFINING THE PHASES
2.1 What if You Are Nonprofit?
2.2 Resumption Planning for Small Businesses
2.2.1 Decide What You Are Protecting
2.2.2 Learn About Resumption Planning
2.2.3 Evaluate Inexpensive and Available Services
2.2.4 Document the Obvious
2.2.5 Look Inside Your Own House
2.2.6 Take Precautions Now, Without Breaking the Budget
2.3 Business Resumption Plans for Large Systems
2.3.1 What Supports the People Who Bring in the Bacon?
2.3.2 The Three Phases of a Successful Complex Plan
2.4 Summary

CHAPTER 3 DEFINING THE RISKS: PERFORMING A PRELIMINARY
BUSINESS IMPACT ANALYSIS
3.1 Disaster Recovery Planning
3.2 What Are We Protecting?
3.2.1 Human Life
3.2.2 Operations Sustainment
3.2.3 The Ability To Recover Promptly
3.2.4 Protection Against Litigation
3.2.5 Customer Confidence and Goodwill
3.3 Defining Your Company's Policy
3.4 A Sample Recovery Plan Policy Statement
3.5 Conducting Business Process Interviews

CHAPTER 4 REPORTING YOUR FINDINGS: ORGANIZING A
MANAGEMENT PRESENTATION AND FUNDING REQUEST
4.1 Get Management on Board Early
4.2 Conduct Executive and Logistical Interviews
4.3 Consider a Questionnaire; Insist on a White Paper
4.4 Get the Money
4.5 Get Management Commitment
4.6 Take Your Case to Management
4.7 Summary

CHAPTER 5 PHASE II: IDENTIFYING RESOURCES AND DEFINING
PROJECT COMPONENTS
5.1 Let Operations Personnel Complete the Analysis
5.2 Use a Big 6 Firm
5.2.1 Advantages
5.2.2 Disadvantages
5.3 Hire an Independent Contractor
5.4 Use a Computer Hot-Site Provider
5.5 Use Your Company's Long Distance Carrier
5.6 Use Your Company's Local Telephone Company
5.7 Protect Against Cable Cuts
5.8 Use a PC- or LAN-Based Planning Tool

CHAPTER 6 PHASE II: HANDLING THE LOGISTICS
6.1 Train the Staff
6.2 Gather Additional Information Via Questionnaires
6.3 Recommend a Platform for the Document
6.4 Integrate the Network Plan Into the Corporate Plan
6.5 Perform Failure Mode Effects Analysis
6.5.1 Severity
6.5.2 Frequency
6.5.3 Detection
6.5.4 Calculating the RPN
6.5.5 Standards Refinement
6.6 Identify Critical Databases
6.6.1 Sources of Data

CHAPTER 7 MORE PHASE II WORK: DEVELOPING OPERATING AND
SECURITY STANDARDS
7.1 Writing Standards and Practices for Network LANs
7.2 Use What Is There!
7.3 Standards for LANs
7.4 Turf Issues
7.5 The Standards Committee
7.6 Physical and Environmental Security
7.7 Network Software Security and Change Control Management
7.8 Technical Support
7.9 Sample Topics
7.9.1 Applicable Standards for Mission-Critical and Non-Mission-Critical Support
Systems
7.9.2 Physical Security
7.9.3 Operational Support Issues
7.9.4 Access Control
7.9.5 Change Control Policy and Procedures
7.9.6 Virus Protection Procedures
7.9.7 Business Resumption Policy and Recovery Timeframes
7.10 Summary

CHAPTER 8 SECURING TELECOMMUNICATIONS SYSTEMS
8.1 Assessing Vulnerability in the Local Serving Office
8.2 Utilizing State PSC Records
8.3 Assessing Central Office Physical Security
8.4 Loss of Vendor's Serving Facility
8.5 Customer Isolation From the Vendor's Serving Facility
8.6 Auditing Physical Installations
8.7 The "All Other" Category
8.8 Carrier Colocation Options
8.8.1 Equipment Colocation With Common Carriers
8.8.2 Analysis of Carriers for Equipment Colocation
8.9 Backup for Major Telecom Hubs
8.9.1 ABC Company Using Carrier POP for Diversity
8.10 SONET Alternatives
8.11 Surviving Long Distance Carrier Failures
8.12 Dynamic Nonhierarchical Routing
8,13 Protecting Against Telephone Fraud
8.13.1 Hacking DISA Lines
8.13.2 How a Hacker Does It
8.13.3 Phone Phreakers
8.13.4 Precautions Against Telephone Fraud
8.14 Protecting Dial-in Access
8.14.1 Hazards to Dial-in Access
8.14.2 Protective Solutions
8.14.3 The Bottom Line
8.15 Hacker Techniques
8.16 Facsimile Security
8.16.1 Fax Encryption Devices
8.16.2 Internal Compromises of Security
8.16.3 Preventative Measures
8.16.4 Other Precautions
8.17 Cellular Telephone Security
8.18 Summary

CHAPTER 9 PLANNING FOR THE FUTURE: CONTINGENCY
PLANNING FOR EMERGING TELECOM TECHNOLOGIES
9.1 Solving Client/Server Recovery Problems
9.1.1 SONET Technology
9.1.2 Fault-Tolerant Ring Topology
9.1.3 Allows 10-, 16-, and 100-Mbps Circuit Sizes
9.1.4 Drop and Insert Capability
9.1.5 Advanced Diagnostics
9.1.6 Ability To Burst
9.1.7 A Summary of the Goals
9.2 Long-Term Strategic Advantages
9.3 ATM's Role in the Future
9.3.1 ATM Characteristics and Applications
9.3.2 Why Use ATM?
9.4 Core Business Applications
9.4.1 Conducting Executive and Logistical Interviews
9.4.2 Disperse a Questionnaire
9.4.3 Design-Specific Feature Packages
9.4.4 Examples of Feature Packages
9.5 Recruit Partners and Solicit Executive Involvement
9.6 Draft Tariff From Feature Packages
Chapter 10 A Sample Standards Document
Chapter 11 Phase III: Documenting the Plan
11.1 What Will Make Up Your Plan?
11.1.1 Administrative Statement
11.1.2 The Plan's Objectives
11.1.3 The Action Plan
11.2 Skeleton of the ABC Company Disaster Recovery Plan
11.2.1 Recovery Planning Mission Statement
11.2.2 Scope of the Plan
11.2.3 Makeup of the Plan
11.2.4 Recovery Headquarters
11.2.5 Restoration of Equipment
11.2.6 Recovery Tasks
11.2.7 Disaster Scenario
11.2.8 Plan Strategy
11.2.9 The Recovery Management Team

APPENDIX A SAMPLE INTERVIEW QUESTIONS BY DEPARTMENT
APPENDIX B QUESTIONNAIRE FOR SCREENING POTENTIAL
CONSULTANTS
APPENDIX C PARTIAL LIST OF COMPUTER RECOVERY COMPANIES
APPENDIX D SELECTED SOFTWARE-BASED RECOVERY PLANNING
TOOLS
APPENDIX E SAMPLE TELECOMMUNICATIONS STANDARDS AND
PRACTICES QUESTIONNAIRE
APPENDIX F SAMPLE OPERATING AND SECURITY STANDARDS
APPENDIX G SAMPLE CHECKLIST FOR AUDITING TELECOMMUNICATIONS
INSTALLATIONS
APPENDIX H SAMPLE RECOVERY PLAN CHECKLISTS
APPENDIX I SUGGESTED RECOVERY PLAN APPENDIX TOPICS
GLOSSARY
ABOUT THE AUTHOR
INDEX

========================================

ABOUT THE AUTHOR

“Leo A. Wrobel has more than two decades of experience in emerging
network technology, disaster recovery planning, and technical training. Mr. Wrobel
has been president and CEO of the Dallas-based consulting firm Premiere
Network Services Inc. since 1986.

“An active author and lecturer, Mr. Wrobel has published nine books and
dozens of trade articles on a variety of technical subjects, including such works as
Managing Emerging Technologies for Strategic Advantage (1995), Writing Disaster
Recovery Plans for Telecom & LANs (1993), Disaster Recovery Planning for
Telecommunications (1990), Implementing a Successful Telecommunications
Disaster Recovery Plan (1997), and Understanding Emerging Network Services,
Pricing, and Regulation (1995).

“His experience includes assignments at AT&T, a major mortgage
banking company, and a host of other firms engaged in banking, brokerage, heavy
manufacturing, telecommunications services, and government. His achievements
have included the design and regulatory approval of a LATA-wide OC-12/ATM
network for a $10-billion manufacturing giant, the first of its kind anywhere. Mr.
Wrobel holds degrees in telecommunications systems technology, electronic
systems technology, and business and public policy.”

========================================

1997, 260 pages. Order #DR286

========================================

The Binomial Bookstore

Telecommunications, Networks

Rothstein Associates Inc.