[ISN] REVIEW: "Disaster Proofing Information Systems", Robert W. Buchanan

InfoSec News isn at c4i.org
Tue Jan 4 06:32:17 EST 2005

Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade at sprint.ca>

BKDPINSY.RVW   20041106

"Disaster Proofing Information Systems", Robert W. Buchanan, 2003,
0-07-140922-X, U$49.95/C$78.95/UK#36.99
%A   Robert W. Buchanan
%C   300 Water Street, Whitby, Ontario   L1N 9B6
%D   2003
%G   0-07-140922-X
%I   McGraw-Hill Ryerson/Osborne
%O   U$49.95/C$78.95/UK#36.99 905-430-5000 fax: 905-430-5020
%O  http://www.amazon.com/exec/obidos/ASIN/007140922X/robsladesinterne
%O   http://www.amazon.ca/exec/obidos/ASIN/007140922X/robsladesin03-20
%P   268 p.
%T   "Disaster Proofing Information Systems"

Buchanan proposes that we avoid disaster by building systems that have
redundancies and are resistant to failure.  In theory, this is an
excellent idea.  But he also implies that you can do this without any
extra work or expense.  Beware of people who tell you they can spin
gold out of straw.

Part one outlines the SHARED (somehow derived from "systems providing
high availability through end-to-end resource distribution")
methodology.  Chapter one is a promotional piece for SHARED, featuring
scattered examples, a disjointed structure, and verbiage that appears
to be a rationale for the use of the system, but only if you don't
examine it closely.  This scattered and random approach is extended in
chapter two, where the discussion of risk management confuses the
qualitative and quantitative methods, and suggests that an alternative
means of communications is a phone tree--if the phones are out.  A lot
of activity is suggested, most of it in the form of taking
inventories, but the explanations of *how* to decide what goes on the
various forms is very poor.  The standard parts of a disaster recovery
plan, such as hot sites, cold sites, and (in a rather idiosyncratic
use of the term "co-location") multiple processing bureaus, are listed
in chapter three.  Chapter four pulls data out of thin air to fill in
the forms for an "example" study.

Part two talks about implementing SHARED.  Chapter five discusses
access devices, which seems to mean replacing your desktop computers
with handhelds.  Products for implementing the different types of
redundancy with different platforms are listed in chapter six,
although it is notable that clustering is described in the very
limited Microsoft manner, rather than the broader and original sense. 
Chapter seven suggests that you write your applications properly. 
(How to do this is left as an exercise for the reader.)  Database
(referred to here as "data store") replication and backup is touched
on in chapter eight.  Various redundant topologies are suggested in
chapter nine, but Buchanan makes several mistakes (suggesting, for
example, one that avoids excessive communications--but would ensure a
failure of communications in the event of the system failure that it
is supposed to address).  Chapter ten makes vague mentions of
different market and operation types.  Chapter eleven refers to
generic testing activities.

This book is hard to read, hard to understand, and provides very
little useful information that is not addressed much more lucidly
elsewhere (such as in Toigo's "Disaster Recovery Planning" [cf.

copyright Robert M. Slade, 2004   BKDPINSY.RVW   20041106

======================  (quote inserted randomly by Pegasus Mailer)
rslade at vcn.bc.ca      slade at victoria.tc.ca      rslade at sun.soci.niu.edu
I summon the vast power of CERTIFICATION!  ...  Well, this is
embarrassing; that's all I remember from the classes.
                                              - Scott Adams, Dilbert
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade

More information about the ISN mailing list