Mike's Recommended Books on
Business Continuity and Disaster Recovery Planning

These lists concentrate mainly on logical threats, rather than general business continuity and disaster recovery planning.

General Business Continuity and Disaster Recovery Planning

  • Disaster Recovery Planning
    Roopendra Jeet Sandhu, Premier Press, 2002.

    A good introduction to the process of Disaster Recovery Planning, explaining the key activities involved. Apart from the occasional introduction of irrelevant supporting tables and statistics (does the fact that flooding cost $32 billion of losses in 1900 in Galveston, Texas really help you?), quite a readable book.

  • The Backup Book: Disaster Recovery from Desktop to Data Center
    Dorian J. Cougias, E.L. Eiberger, Karsten Koop, Laurie O'Connel (ed.), Schaser-Varian Books, 2003.

    Don't let the title The Backup Book fool you (like it nearly did me). This isn't a boring guide on how to backup your computer: it is a good guide to modern techniques in a data center to ensure effective and cost-effective recovery from hardware or software failures.

    Backup is no longer a question of racks of tape. Modern techniques, enabled by reduced disk and communication costs, make recovery with minimum disruption or data loss possible (if you have the budget).

    Topics covered include making hardware more reliable (RAID, clustering, power conditioning), basic rules for network services (always have two ISPs!), asynchronous and synchronous replication, recovery sites, internet backup and more.

    Although this book strays a little from its main subject area (into areas such as network design), and gives perhaps a little too much weight to the authors' favorite products, there is little here that anyone responsible for running a server farm or a data center will not find interesting or relevant. A good read (and reference) if you need to understand modern backup and data recovery techniques.

  • CISSP: Certified Information Systems Security Professional Study Guide
    Ed Tittel, Mike Chapple, James M Stewart, Sybex, 2003.

    Even if you're not a security professional studying for CISSP exams, this study guide gives a broad overview of computer security ("a mile wide and an inch deep") which is useful background for anyone concerned with business continuity or disaster recovery planning.

  • Manager's Guide to Contingency Planning for Disasters: Protecting Vital Facilities and Critical Operations
    Kenneth N. Myers, Wiley, 1999.

    Myers has plenty of good advice about how to generate a good disaster recovery plan at low cost. He draws an important distinction which is rarely emphasized enough: there is a difference between recovering a business system and recovering a computer system. It is the business system that ultimately matters. Too much emphasis on computer systems can lead to plans which are expensive to develop and maintain, and give little advantage over less comprehensive plans if the probability of a disaster is taken into account.

Logical Threats: Hacking and Computer Security

  • CISSP: Certified Information Systems Security Professional Study Guide
    Ed Tittel, Mike Chapple, James M Stewart, Sybex, 2003.

    Even if you're not a security professional studying for CISSP exams, this study guide gives a broad overview of computer security ("a mile wide and an inch deep") which is useful background for anyone concerned with business continuity or disaster recovery planning.

  • Security in Computing
    Charles P. Pfleeger, Shari Lawrence Pfleeger, Prentice Hall, 2003.

    This is a good undergraduate text which is also useful for anyone wishing to acquire a broad overview of the computer security area. Computer security is defined broadly (as it should be), so the subject matter is not limited to malicious hackers, worms, and viruses, but includes physical threats, practical security, and the legal and privacy issues in computing. The writing is clear and thankfully steers clear of the hyperbole associated with less academic texts on the subject. It's not cheap, but is still a highly recommended introductory text.

  • Incident Response & Computer Forensics
    Kevin Mandia, Chris Prosise, Matt Pepe, McGraw-Hill, 2003.

    So someone just hacked your system and stole $1,000,000... What do you do now?

    This book covers the forensic techniques required to analyze a computer crime - from sniffing networks to analyzing slack space on disk. If you think your computer usage isn't leaving tell-tale signs on hard disk or in log files somewhere, think again. Also covered are the important requirements for collecting and handling evidence if it must stand up in court. Packed with real case histories and examples, this book will be useful both for the aspiring investigator and the computer criminal :-)

  • The Art Of Deception
    Kevin D. Mitnick, William L. Simon, Wiley, 2002.

    Kevin Mitnick is unquestionably an expert in the field of social engineering — obtaining information or access using deception. You won't find much about computer hacking per se in this book: as the author all too clearly points out, if you can persuade an insider to give you the information you need, why waste any time or take any risks?

    What you will find here is a good set of fictionalized case histories showing just how subtle and ingenious social engineers can be in reaching their goals. You'll also develop a healthy distrust of the phone system, Caller ID, and requests to fax documents internally.

    Could someone get your system administrators to allow them access to your website? Can your website be attacked from your intranet using some of the techniques described here? You will have to read the book and decide for yourself. But from what's written here, if your organization is of any size, I suspect the answer is yes.

  • The Watchman: The Twisted Life and Crimes of Serial Hacker Kevin Poulsen
    Jonathan Littman, Little, Brown and Company, 1997.

    There can't be many other hackers that have appeared on America's Most Wanted. Poulsen penetrated the security at Pac Bell so completely that ultimately he knew which telephones were going to be tapped before the taps were installed. Poulsen used both physical and network intrusion to get the access he wanted. A useful reminder that website security requires physical security to be truly effective.

  • Web Security: A Step-by-Step Reference Guide
    Lincoln D. Stein, Addison-Wesley, 1998.

    Aimed at a general audience (administrators, developers, and end users) this is an expansion of Stein's excellent WWW Security FAQ. Good advice on hardening Unix and NT servers.

    Sadly, as with so many books in this field, it is beginning to date.

  • Intrusion Signatures and Analysis
    Matt Fearnow, Stephen Northcutt, Karen Frederick, Mark Cooper, Que, 2001.

    Really for computer and network intrusion specialists, this book describes in detail attacks on many kinds of system. By examining the details of attacks, it reveals interesting insights into hacker strategies and possible defenses.

Cryptography

OK, not very many websites are going to come under cryptographic attack (there's generally an easier way) and very few people are going to develop their own encryption algorithms (and many of those that do probably shouldn't). However, if you want to understand cryptography, implement a cryptographic algorithm, or purchase a cryptographic product, these are a good place to start.


Other Website Disaster Recovery Planning Resources

Note

If any of the book links take you to the wrong country (or continent) try using Albion BookLink to choose your preferred destination.

Michael Z. Bell

© Albion Research Ltd. 2008