Disaster Resource

AWARDS AND CONFERENCES
"DRJ Conference Reveals Systems Disaster Readiness of BCP Professionals" , Quantum Corp.. (DRJ, Vol 13, 1, p. 46) How prepared is your company for a computer systems disaster? That is the ongoing challenge of the DLT tape hosted education initiative known as Prove It.
"Record Attendance At Spring World 2000 Conference" , J. Ballman. (DRJ, Vol 13, 2, p.36) Spring World 2000 conference in San Diego attracted the largest gathering ever of business continuity planners at any conference in the industry.
"Fall World 2000: The International Symposium and Exhibition with a Disney Flare" , M. Saab. (DRJ, Vol 13, 4, p. 48) The largest DRJ east coast conference was held at the Disney Coronado Springs Resort on September 10-13, 2000. The new location of the event at the Disney hotel was a welcome change of scenery and excitement for all involved.
"Spring World 2001: The 12th Annual Corporate Contingency Planning Seminar & Exhibition" , (DRJ, Vol 13, 4, p. 81) The industry's best value and largest conference. Spring World 2001 held on March 4-7 in San Diego, CA offers numerous learning and networking opportunities!

CASE STUDIES
"A Utility's Utility" , L. Sullivan. (RM, Vol 47, 12, p. 36) The employees of the insurance services department of Ontario-based Union Gas Limited makes their risk management information system work for them.
"Altitude Recovery" , J. Steel. (RM, Vol 47, 12, p. 23) A critical fire could have spelled disaster for United Airlines, but its integrated recovery plan kept it flying.
"City in Crisis: Lessons from Seattle" , B. Schrier, W. Frietag. (CPM, Vol 5, 2, p. 28) Back in December, the city of Seattle hosted the World Trade Organization ministerial meeting and thousands of outraged protestors. Read how the public and private sectors faired in the face of crisis.
"Closing the Hole in our Disaster Recovery Plan" , L. Hoffman. (DRJ, Vol 13, 3, p. 74) When I came to Baptist Health Systems of South Florida as its first Disaster Recovery Analyst, I had a tremendous task ahead of me.
"East Coast Collisions: The 1999 Atlantic Hurricane Season" , C. Salerno. (CPM, Vol 5, 1, p. 24) The 1999 Hurricane Season brought damaging floods to many states along the East Coast. For emergency management personnel, the busy season brought insights and hard lessons. And, according to weather experts, 1999 was but a taste of things to come.
"Fiery Mt. Usu: a Mixed Blessing from Nature" , S. Hosotsubo, N. Rhoden. (DRJ, Vol 13, 3, p. 40) The volcanoes on the islands of Japan bring mixed blessing to the people who live there. Mt. Usu became highly active at about 1:10 p.m. on March 31, 2000.
"Hurricane Floyd Leaves Clues on How to Survive Major Flooding" , FM Global. (DRJ, Vol 13, 4, p. 72) Could another "Floyd" drench your property in the next millennium? Absolutely. In fact, your company may be in more danger than ever before of record level flooding events-even if you are not located in a so-called "flood zone".
"Hurricane Floyd, The Double-Barreled Blast" , J. Nevola. (DRJ, Vol 13, 1, p. 38) The weekend of September 11-12, 1999 in Florida saw beautiful, peaceful weather, but the minds of the people responsible for the protection of their respective business were churning like the winds of Hurricane floyd, then in the Atlantic.
"Insuring Continuity" , C. Salerno. (CPM, Vol 5, 2, p. 10) Capital Blue Cross is a company that specializes in contingencies. But the insurance they provide goes far beyond a well-designed package. The company's commitment to a business continuity planning guarantess their clients a continuation of service even when they themselves fall victim to one of life's tragedies.
"Lessons in Business Continuity Planning: One Hospital's Response to a Disaster" , L. Reshaur, R. Luongo. (DRJ, Vol 13 , 2, p. 12) A fire in your main power switch room! Loss of electricity to over 65 percent of your facility! Evacuation of patients and staff, and loss of communication systems! Is your hospital prepared for this kind of event? This is what Carilion Roanoke Community Hospital (CRCH) had to cope with when a fire broke out.
"Not By Books Alone" , D. Smalling, S. Sloan. (SM, Oct. 00, p. 51) By bringing students and security professionals together to develop and test a crisis management plan, this university proved that both groups could benefit from the exercise.
"Planning at the Speed of Change" , A. Hagg. (CPM, Vol 5, 5, p. 12) Managing the business continuity and disaster recovery operations of a rapidly expanding, multibillion-dollar global leader in manufacturing sevices is no small task, but with wide avenues of communication, the right tools, and a sharp focus on customer service, anything's possible-just ask Solectron's Raelene Wong.
"Planning For Homecoming" , C. Salerno. (CPM, Vol 5, 1, p. 12) Last July, the Saturn Corporation hosted for the second time a large-scale, customers appreciation event know as Homecoming. While the event runs oly two days, the planning behing the well-attended outing is a remarkable understanding and a true demostration of contingency planning at it best.
"Profiles in Leadership" , S. Nickson, L. Sullivan. (RM, Vol 47, 9, p. 14) Three corporate chiefs share their recipes for success, including how to blend guiding principles and risk management philosophy.
"Real Time Doppler Radar: A Community Approach" , G. Rockower. (DRJ, Vol 13, 4, p. 36) No one in Syracuse and Central New York will forget the powerful storm that swept through the region on the morning of Labor Day, 1998. Like many other essential service providers, Niagara Mohawk Power Corporation, the local utility, relied on the National Weather Service's NEXRAD system to track storms as they moved through the region.
"Smoking Out the Best Fire System" , F. Phelps. (SM, April 00, p. 59) Southern Methodist University tells how it updated its aging fire prevention and suppression system.
"Texas Tornado-Fort Worth 2000" , D. McKinney. (DRJ, Vol 13, 3, p. 46) To those of us in the restoration business and the disaster and continuity planning fields, it is not news that a deadly tornado ripped its way through downtown Fort Worth, Texas this spring.
"The Tarrent County Tornadoes of March 28, 2000" , G. Ely, G. Woodall. (DRJ, Vol 13, 4, p. 28) The storms in Tarrant County on March 28, 2000 seriously damaged six commercial buildings, destroyed 171 homes, and damaged over 1500 others. All tolled, damage estimates ranged between $400 and $450 million. Five people were killed, and dozens injured.
"The Tempest" , C. Salerno. (CPM, Vol 5, 4, p. 14) After a tornado ripped through their Fort Worth offices, Inno Ventry had things back up and running in no time-thanks to the recovery team's ability to play their roles flawlessly.
"U.S. Bancorp: On a Mission to Revamp Business Continuity Planning" , M. Jung. (DRJ, Vol 13, 2, p. 16) Over the past several years, through merger, acquisition and new services, U.S. Bancorp has grown into the nation's 11th largest bank holding company. Along the way, however, those charged with business continuity for the bank began to realize the old methods of continuity planning were not going to effectively meet the needs of the new organization.
"Walking on Sunshine" , C. Salerno. (CPM, Vol 5, 3, p. 10) In 1998, Rich Peterson was assigned the task of developing a comprehensive disaster recovery plan for the City of Scottsdale's complex information systems (IS) infrastructure. With the help of Sam Stahl of BEST Consulting, the IS support manager ended up with not only an excellent plan, but a healthy respect for the risks that lurk in even the sunniest of cities.

CRISIS COMMUNICATIONS & RESPONSE
"Disaster Communications: It's Not Just Radios" , P. Dworsky. (DRJ, Vol 13, 3, p. 62) Have you ever been the "in-charge" of disaster and issued an order or directive for someone to get you a radio and they returned with a state-of-the-art AM/FM/CD cassette stereo? But you really wanted a two-way walkie-talkie so you could direct the incident. When this occurs, we tend to blame subordinates and co-workers for not following our instructions, because, obviously our directions and intentions were crystal clear.
"Evacuation vs. Shelter in Place, a Situational Comparison" , C. Yard. (DRJ, Vol 13, 3, p. 28) Emergency situations take many different forms. In emergency response operations, a decision must often be made to issue an order for a population to either evacuate or to shelter in place. This decision may have large-scale consequences that deserve thorough examination.
"For Every Action" , C. Tobin. (SM, Sept. 00, p. 61) A properly trained officer force will know how to match the appropriate level of response to each set of circumstances, protecting lives and the company's reputation.
"No Comment" "Won't Do" , M. Peck. (SM, Oct. 00, p. 44) If a crisis occurs at your facility, the company's reputation could be a casualty unless the contingency team is ready with a medical plan.
"Security in the Strike Zone" , M. Taylor. (SM, Nov. 00, p. 38) As this company's experiences show, security planning can make all the difference when workers go on strike.
"Strategic Communication Plans Ease Disaster Recovery Woes… Savvy Managers Realize that Stonewalling is a Thing of the Past" , D. Schultz. (DRJ, Vol 13, 4, p. 40) We've all seen it in the media countless times: corporations depicted as the "Great Satan" of modern industrial society recklessly polluting, rampaging and destroying whole environments with an air of casual callousness and apparent impunity. The telecommunications industry is one that makes daily news headlines with the bottom-line message being: "This is what you ought NOT to do in responding to a crisis."
"Teamwork: Emergency Response" , FM Global. (DRJ, Vol 13, 2, p.44) Emergencies strike without warning. When an emergency hits, your response in the next minute could mean the difference between business property survival and disastrous loss.
"The ESOCI Principle: A Systematic Approach to Managing Emergency Response Incidents" , G. Indelicato. (DRJ, Vol 13, 3, p. 22) By their very nature, responses to emergency incidents, such as chemical spills, fire or other sudden environmental impairments, are performed under less than optimal conditions. As a result of this less than favorable operating environment, the success of such an emergency operation relies on rapid, accurate assessment of the situation, devising an appropriate plan and the successful implementation of that plan.

FACILITY ISSUES
"Building in Terrorism's Shadow" , M. Gips. (SM, May 00, p. 42) What have been the long-term effects of the World Trade Center and Murrah building bombings? Security Management surveys high-profile properties to find out.
"Debris Management Planning; Why a Debris Management Plan?" , R. Swan. (DRJ, Vol 13, 2, p. 32) Hurricane Floyd, was the most devastating storm of the 1999 season. Virginia and twelve other states were impacted by the storm resulting in 13 major disaster declarations…Costs to insurance companies, Federal and State taxpayers, and individuals associated with cleaning up after such events continue to grow at unprecedented rates.
"Gazing into Security's Future" , P. Bailin. (SM, Nov. 00, p. 60) Two studies conducted by the The Freedonia Group, Inc., show strong markets for electronic security products and systems as well as for private contractual security services.
"How Far is Really Far Enough Away?" , J. LaRue. (DRJ, Vol 13, 4, p. 14) Many of us in a disaster recovery and business continuity have been faced with a dilemma. Is the distance between the home site and alternate site far enough away? Three miles? Twenty-five miles? Fifty miles? Typically, those generic guidelines we've all heard are old standards adapted from military specifications.
"How Smart is Your Step" , D. Patterson. (SM, Mar. 00, p. 76) The central station is the brains of the corporate security setup and must be properly designed for quick response.
"Powering Up Access Control" , J. Smith. (SM, Nov. 00, p. 68) With a sound policy in hand, utilities can ensure that they provide the appropriate access to their various facilities.
"Solar Solutions for Natural Disasters" , A. Deering, J. Thornton. (RM, Vol 47, 2, p. 28) In the event of a loss in power due to severe weather or other catastrophic events, renewable energy sources can help shed light on the darkness.
"Taking a 'Hands On' Approach to Recovery" , K. Greenough. (CPM, Vol 5, 2, p. 38) Although physical recovery of business operations is best accomplished by recovery specialists, company employees have much to offer in terms of recovery initiatives.

HUMAN CONCERNS
"A Cure for Violent Tendencies" , J. Johnson. (SM, Mar. 00, p. 42) Hospitals face unique challenges when it comes to preventing workplace violence. Find out how one security team is meeting that challenge.
"A Good Parking Space" , H. Moster, A. Etheridge. (SM, Oct. 00, p. 62) Companies can follow these steps to ensure the parking facilities are safe and that the company is protected from costly liability lawsuits.
"Abducting the Abductors" , P. Steiner. (SM, Mar. 00, p. 48) Hospitals should conduct test drills to ensure that their infant abduction response plan is effective.
"Analyze This" , J. Steines. (SM, June 00, p. 97) The analysis of how this fictional company handled a sexual harassment investigation reveals the dos and don'ts of a successful approach.
"Checking Credit When It's Due" , F. Giles. (SM, June 00, p. 107) A complex set of regulations and legal precedents governs how credit histories can be used in preemployment screening, and companies must make sure not to misuse them.
"Dangerous Scenarios: Would Your Employees Be Safe?" , J. Levine. (CPM, Vol 5, 2, p. 20) Technology has put amazingly destructive capacity into the hands of both would-be terrorists and the employee down the hall.
"Easing Workforce Reduction" , S. Beigbeder. (RM, Vol 47, 5, p. 26) Downsizing is a necessary challenge for many companies. Developing an efficient and comprehensive system for workforce reduction can protect the well-being of employees, enhance the company's image and reduce losses from inappropriate claims and lawsuits.
"Fire At Will, Repent at Leisure" , T. Bland. (SM, May 00, p. 64) Find out how to avoid wrongful terminations lawsuits.
"Get a Handle on Harassment" , T. Bland. (SM, Jan. 00, p. 62) Companies must ensure that their harassment policies can pass muster under the latest court rullings.
"Go Aks Alice" , M. Lynch. (SM, Dec. 00, p. 98) Security took the lead in creating a policy to help victims of domestic violence.
"Going for the Gold" , R. Oatman. (SM, Aug. 00, p. 50) Executive protection advance work for special events such as the upcoming Olympics in Sydney.
"Grounds for Protection" , P. Murphy. (SM, Oct. 00, p. 84) Marriott explains how it uses CPTED principles to secure its properties and guests.
"Helping Employees Recover" , R. Wnek. (CPM, Vol 5, 4, p. 26) Putting together a crisis management team and developing a plan to aid employees in a time of crisis can enable a swift and successful recovery for your entire business.
"It's All in Their Heads" , T. Balnd, M. Harkavy. (SM, Sept. 00, p. 92) Much of the information that secures a company's market advantages resides in the minds of employees. Learn how to stop them from taking that insider knowledge to a competitor.
"James Got His Gun" , D. Batza, M. Taylor. (SM, Dec. 00, p. 74) This case study illustrates how employee awareness and well-executed procedures can help companies minimize the potential for incidents.
"Making the Right Call" , R. Muscoplat. (SM, Oct. 00, p. 77) ADA-compliant phones aren't cheap. Before busting the budget, find out which features you need.
"New Tools of an Old Trade" , W. Besse, C. Whitehead. (SM, June 00, p. 66) Find out how new technologies can help achieve the traditional protection goals of those ensuring the safety of executives.
"The Dangers of Safety Incentive Programs" , W. Atkinson. (RM, Vol 47, 8, p. 32) Safety incentive programs may seem like a good thing, but bad things can happen when they encourage underreporting of accidents and lead to increases in workers' compensation claims.
"The Everyday Face of Workplace Violence" , W. Atkinson. (RM, Vol 47, 2, p. 12) Severe instances of aggression make headlines, but other forms of violence are disturbingly common: assault, bullying and harassment. What can you do to help protect employees?
"The Human Face of Information Loss" , N. Bottom. (SM, June 00, p. 50) To prevent proprietary theft, companies must address the human factors.
"The Risk Budget: Using Your Human Resources" , J. Marthinsen, J. Edmunds. (RM, Vol 47, 4, p. 61) Harnessing the insight of your employees, from upper management to front-lines workers, can translate into a more effective operational risk management system.
"The Triad Alliance "Preparing the Vulnerable Population" , D. Lunsford. (DRJ, Vol 13, 3, p. 16) The terms "vulnerable", "at risk", or "under-served" populations are associated with specific groups or segments of a community whose needs are often not met using the traditional services provided by political sub-divisions, especially during periods of local emergencies or disasters.

INFORMATION TECHNOLOGY & TELECOMMUNICATIONS
"A Balanced Approach to DoS" , A. Croll, E. Packman. (IS, Vol 3, 5, p. 62) It's virtually impossible to block denial-of service attacks. But you can take steps to mitigate their impact, including deploying intermediate devices such as load balancers.
"A Look Inside the Data Center of the New Millennium" , R. McClory. (EMI, Vol 20, 6, p. 30) Customer demands will result in more square footage, faster processing speeds, more power consumption and an even greater emphasis on 24x7 reliability.
"A Wizard Gets Wiser" , R. Thieme. (IS, Vol 3, 9, p. 96) Fearing ever-increasing "hacker-related pain," Marcus Ranum turns his focus from technology to social change.
"Adapting Technologies to the Task" , E. Snow. (SM, June 00, p. 60) Envolving technologies, such as the Internet, can be adapted for security applications by executive protection practitioners.
"Applications" , D. Hayes. (DRJ, Vol 13, 2, p. 90) In the 1960's information systems arrived. An early tag word of this developing technology was the term "application." At the beginning of the 2000's, it is a concept surrounded by seriously flawed habits of thought and action.
"Ask E-Continuity Questions First, Act Later: The Smart Approach to Engaging ASP Services-Making Sure Providers Can Protect Applications is Critical , M. Solter. (DRJ, Vol 13, 1, p. 40) As the growing pressures of e-commerce drive customers to demand that hosting firms provide a broader range of services, ISPs and new entrants alike are answering the call by becoming Application Service Providers.
"Audits, Assessments & Tests (Oh, My)" , I. Winkler. (IS, Vol 3, 7, p. 80) Security tests come in three basic flavors. Here's how to make sure you're performing only the test(s) you really need (Pt. 1 of 4).
"Audits, Assessments & Tests (Oh, My)" , A. Berg. (IS, Vol 3, 8, p. 56) On the surface, all vulnerability assessment scanners perform essentially the same way. Here's how to decide which one-if any-is right for your requirements (Part 2 of 4).
"Automation Issues: Backing Up Is Hard to Do" , A. Farber, R. LaChance. (EMI, Vol 20, 2, p. 6) But now it's more critical than ever for you to have a reliable disaster recovery plan.
"Automation Issues: Thank Y2K for Improvements in Operations" , A. Farber, R. LaChance. (EMI, Vol 20, 5, p. 6) Even though it was an expensive hassle, it's now apparent that Year 2000 fixes have left us with many benefits.
"Avoiding IS Icebergs" , D. Swanson. (IS, Vol 3, 10, p. 76) Part four of "Audits, Assessments & Tests (Oh, My)" delves into information systems auditing, the often maligned but always necessary practice of evaluating technologies and security procedures to ensure they work as intended.
"BCP Comes of Age" , P. Rothstein. (IS, Vol 3, 7, p. 86) Three senior business continuity planners discuss new dimensions in the relationship between BCP, disaster recovery and infosecurity.
"Beyond Firewalls" , S. Reed. (IS, Vol 3, 8, p. 46) In most organizations, firewalls are now a commodity: everyone has at least one. In the future, access controls will need to become more granular, all the way down to the data level.
"Business Continuity Planning & the Highly Protected Risk Expanding the Envelope: Planning For the Entire Organization" , J. King. (DRJ, Vol 13, 1, p. 28) Disaster Recovery has long been concerned mainly with information technology systems. Its origin as a response to data center needs has produced this situation. With the continuous cost cutting of the last decade, corporations have attempted to eliminate much of the redundancies once provided in their systems.
"Business Continuity Planning and the Ten Most Common Pitfalls to Avoid in the "New Economy" , D. Carson, B. Zawada. (DRJ, Vol 13, 2, p. 74) Whether a traditional brick and mortar company or an innovative "dot com," the issue surrounding business continuity planning essentially remains the same - business process and information systems continuity and availability.
"Business Continuity Planning, A Necessity in New E-Commerce Era" , B. Wilson. (DRJ, Vol 13, 4, p. 24) Unannounced business disasters happen any time, anywhere and do not need to be the magnitude of a hurricane to cause serious problems. In fact, most disasters are caused by spontaneous mishaps in or around the work environment. Disasters can be something as simple as a lost file that was not saved or as large as a complete network failure.
"Business Continuity: Battling High-Tech Exposures" , J. Kelley. (RM, Vol 47, 5, p. 31) Technological advancement has left organizations vulnerable to unexpected exposures. Risk managers must recognize these risks and develop plans that address the evolving business environment.
"Complying with the Economic Espionage Act" , C. Carr, J. Furniss & J. Morton. (RM, Vol 47, 3, p. 21) This act is designed to provide security for intellectual property and trade secrets, but in order to claim protection a company must meet certain criteria.
"Coping with Cyber-Crisis: Identifying, Preventing and Overcoming Threats to Corporate Reputation" , T. Wallace. (DRJ, Vol 13, 1, p. 42) Corporate disasters come in many shapes and sizes. But whatever the impact on products, plants, or people, the reputation of an organization is often what suffers the most damage.
"Cover Story: Backup and Recovery Take Center Stage" , D. Crouse. (EMI, Vol 20, 2, p. 12) In today's enterprise storage environment, old approaches are no longer valid. The volume and importance of data demands a robust and inclusive storage management strategy.
"Disaster Recovery: Your Company's Survival May Depend on It" , L. Stevens. (EMI, Vol 20, 4, p. 38) While there are a wide range of options for you to choose from, selecting the right one requires evaluating the risk of downtime-a business decision that may be beyond the scope of It.
"Distributed Redundancy: "Maximum Availability at Minimal Cost" , Liebert Corp.. (DRJ, Vol 13, 1, p. 24) As the need for greater system availability intensifies across virtually every industry-from global banking to just-in-time manufacturing-network, IT, and other information systems managers are asked to guarantee an unprecedented level of computer uptime.
"E-coverage Alert: Ingram Micro Decision Sets New Precedent" , J. Leming. (RM, Vol 47, 8, 12) An Arizona court ruling has far-reaching consequences for insurance companies that may now be forced to provide coverage under business interruption policies for breakdowns in computer service, hacker and virus attacks and even year 2000 claims.
"E-Merging Risks: Operational Issues and Risk Solutions in a Cyberage " , E. Freeman. (RM, Vol 47, 7, p. 12) Technologies of the information age open the door to opportunity and risk. This article provides a framework for identifying, evaluating and creating better risk management systems to deal with the new exposures.
"Enterprise-Class Av" , R. Thompson. (IS, Vol 3, 2, p. 42) An extended, heterogeneous computing environment places new demands on antivirus scanning, updating and administration. How well do today's AV products meet the challenge?
"ESM, ASAP!" , D. Gardner. (IS, Vol 3, 6, p. 28) Getting a handle on enterprise security management has never been more important…or more complicated. Here's a practical methodology and eight product suites that will help you manage the job.
"Evaluating Offsite Storage Alternatives" , G. Wold, T. Vick. (DRJ, Vol 3, 2, p. 20) Offsite storage and protection of vital records is an important aspect of business continuity planning. Vital records can be defined as irreplaceable records that can only be replaced after significant effort, expense and delay. This article describes important considerations related to the safety of vital records and the evaluation of offsite storage alternatives.
"Exploring the Legacy of the Year 2000 Efforts" , J. Newton, R. Pattison. (DRJ, Vol 13, 1, p. 16) The millennium rollover, and events during the first few months of 2000 are no longer a mystery; they're history. We know what has happened, and what hasn't.
"Fast…& Secure" , A. Croll, B. Rothke. (IS, Vol 3, 1, p. 24) Crypto accelerators can cure a variety of e-security headaches. But be sure to choose the right one for your IT strategy, 'cause one size does not fit all.
"Features: Data Center Managers Brace for Post-Y2K Challenges" , D. Eddy. (EMI, Vol 20, 3, p. 22) E-business looms large, while legal concerns still keep some from forthright discussions of their millennium rollover projects.
"From Basic Recovery to e-Continuity" , R. Campbell. (CPM, Vol 5, 3, p. 30) The rush-to-mass-market use of the Internet will dramatically change the industry and profession of disaster recovery and business continuity planning. The challenge for planning professionals is to adapt to the emerging technologies or be left behind.
"Future Shock: An Industry Forecast" , A. Berry. (RM, Vol 47, 4, p. 25) What can the insurance industry do to remain viable in the new millennium? Making friends with e-commerce is a good place to start.
"Get All the Facts Before Signing on With SANs" , D. Bannister. (EMI, Vol 20, 4, p. 24) SAN Technology is promising, but you need an unbiased analysis of your options before opening the company checkbook.
"How to Survive Merger Madness" , E. De Jesus. (IS, Vol 3, 2, p. 48) What should you do when your favorite infosec vendor gets acquired?
"How to Survive the Big One: Disaster Recovery in Oracle8i Environments (part one)" , M. Smith, D. Edborg. (DRJ, Vol 13, 2, p. 78) Planning for disaster recovery is akin to purchasing life insurance. For both insurance and disaster recovery outlays, the expected rate of return is negative.
"How to Survive the Big One: Disaster Recovery in Oracle8i Environments (part two)" , M. Smith, D. Edborg. (DRJ, Vol 13, 3, p. 32) The conclusion of the article stating that a wide range of disaster recovery solutions can be assembled using different technologies and implementation approaches. In order to determine the correct approach, the business risk of down time must be estimated.
"(In) Security From End to End" , J. Galvin. (IS, Vol 3, 3 p. 56 ) The myth of secure e-mail is that all you need to do is install the right products or protocols, and away you go. The reality is much more complicated.
"Ironclad Security" , P. Korzeniowski. (IS, Vol 3, 8, p. 40) Mainframe security has become lax at the same time the potential for catastrophic damage has mushroomed. New audit and assessment tools can help you batten down the hatches.
"It's About Time" , W. Schwartau. (IS, Vol 3, 6, p. 64) Measuring detection and reaction time to cyberattacks is a key element of an infosecurity plan.
"Keeping the Lines Clear" , D. Walters. (SM, Aug. 00, p. 83) The telecommunications industry has moved quickly to take advantage of new business opportunities, but its efforts to guard against the new risks these ventures brings are not as nimble.
"Let's Get Physical. Designing Secure IT Facilities" , J. Lyons. (CPM, Vol 5, 4, p. 24) Without a complete security plan that includes physical security in conjunction with technical and logical security, companies remain extremely vulnerable to disastrous environmental and human factors.
"Linux Security" , P. Loshin. (IS, Vol 3, 2, p. 20) Is open source too open for its own good?
"Living with Viruses" , D. Harley. (SM, Aug. 00, p. 88) A look at the latest virus threats and solutions.
"Locking Down the Wavelengths" , E. De Jesus. (IS, Vol 3, 10, p. 58) Wireless devices are flooding the airwaves with millions of bits of information. Securing those transmissions is the next challenge facing e-commerce.
"Love Bites! Lessons Learned From Love Bug" , D. Biby. (CPM, Vol 5, 4, p. 13) The Love Bug virus came and went, leaving an expensive wake of destruction in its path. What can companies learn from this incident to prevent damage in the future?
"Malware Mayhem" , L. Bridwell, P. Tippett. (IS, Vol 3, 10, p. 50) Despite our best efforts, the global virus problem continues to get worse, according to ICSA.net's sixth annual "Virus Prevalence Survey."
"Managing the Threat From Within" , E. Shaw, J. Post & K. Ruby. (IS, Vol 3, 7, p. 62) You've heard it time and time again: Insiders constitute the greatest threat to your organization's security. But what can you do about it?
"Mastering the Fundamentals, Part 1" , R. Mackey, J. Gossels. (IS, Vol 3, 1, p. 58) Encryption technology provides a valuable means to guarantee confidentiality, integrity and authenticity in today's networked world.
"Mastering the Fundamentals, Part 2" , R. Mackey, J. Gossels. (IS, Vol 3, 2, p. 54) Extending your business to the Web requires securing your corporate perimeter, identifying and fixing vulnerabilities and conducting best practices in e-commerce security.
"Mastering the Fundamentals, Part 3" , R. Mackey, J. Gossels. (IS, Vol 3, 3, p. 68) Getting all the details right may still leave your business insecure…maybe even unsecurable. Amazingly, many organizations miss the big picture entirely.
"Moving Your Data Center: Mission Possible" , S. Miller. (EMI, Vol 20, 6, p. 12) Packing up your shop without unnecessary downtime sounds as complicated as unraveling a spy ring, but careful planning and outsourcing options can reduce the risks.
"New Challenges Face Business Continuity Planners" , K. Baker. (DRJ, Vol 13, 2, p. 52) In an environment where system failures, theft and sabotage are as easy as a keystroke, the protection and continuity of your business involves a new type of technology and thinking.
"New World Disorder: E-Commerce Blurs Borders" , R. Meder. (RM, Vol 47, 11, p. 35) When your company goes online, it's an instant global business. Can you count on your domestic insurance program for international protection?
"Outwitting Cybercriminals" , J. Conley. (RM, Vol 47, 7, p. 18) Hackers, viruses and security breaches, oh my!
"Penetration Testing Exposed" , G. Kurtz, C. Prosise. (IS, Vol 3, 9, p. 88) Part three of our four-part series on "Audits, Assessments & Tests (Oh, My)" explores penetration testing, the controversial practice of simulating real-world attacks by discovering and exploiting system vulnerabilities.
"PKI: Be Careful What You Wish For" , A. Bhimani. (IS, Vol 3, 5, p. 38) What's it gonna take for public-key infrastructures to deliver on their promise?
"Planning for the Perils of e-Commerce" , E. Schmidt. (CPM, Vol 5, 5, p. 29) Keeping customers on your Web site requires lightning-fast data recovery times. Here are some basic technologies to help you minimize the impact of outages.
"Preventing PC Downtime" , D. Cane. (DRJ, Vol 13, 3, p. 54) Corporate IT departments are tasked with many duties battling computer downtime, repairing configuration problems and retrieving lost data for the hundreds and thousands of PCs they manage. Until recently, no automated solutions have existed that address these pervasive problem areas.
"Prioritizing Disaster Recovery Plans Using Risk Maps" , M. Jablonowski. (DRJ, Vol 13, 3, p. 58) Recovery professionals agree that the first step in establishing effective disaster plans is a systematic risk assessment. The occurrence of disruptions of the type the disaster planner deals with and their affects can rarely be determined in advance.
"Protecting the Network Neighborhood" , S. Blake. (SM, April 00, p. 65) Companies are increasingly aware that security must be a priority for their networks. Here's what you need to know.
"Protecting the SOHO Front" , M. Suydam. (IS, Vol 3, 1, p. 50) An overview of firewall options for DSL-connected LANs and PCs.
"Remote Journaling. A New Trend in Data Recovery and Restoration" , T. Flesher. (CPM, Vol 5, 2, p. 14) In today's world of e-Commerce, relying on daily database backups is no longer adequate. Remote journaling is one technology that many contingency planning professionals use to protect their critical database applications.
"Safe and Secure: Phased Implementation of Security Management" , D. Moser, R. Tamir. (EMI, Vol 20, 1, p. 52) Information is a leading global commodity, and protecting it has become top priority. Here's a comprehensive prescription to address your security needs.
"SANs Hold Promise for Today's Mega Storage Needs" , W. Hait. (EMI, Vol 20, 3, p. 36) Although compatibility and security issues require refinement, SAN development is leading to the accessibility, availability and recoverability required for high-volume data storage.
"Secure Directory Services for E-Business" , D. Szerszen. (IS, Vol 3, 6, p. 70) A practical primer for securing enterprises directory services.
"Secure Directory Services for E-Business" , D. Szerszen. (IS, Vol 3, 4, p. 80) Extending your business to the Web requires a firm understanding of directories, what they offer and the challenges you'll face in deploying them (Part 1 of 3)
"Secure Directory Services for E-Business" (Part 2 of 3) , D. Szerszen. (IS, Vol 3, 5, p. 82) Properly secured, directories can be an effective tool for authorization to back-office legacy applications.
"Securing DSL" , R. Day. (IS, Vol 3, 1, p. 38) Without a well-thought-out security strategy, "always on" DSL Internet connections can translate into "inherently vulnerable."
"Security Focused" , A. Briney. (IS, Vol 3, 9, p. 40) Security budgets are way up. So are security breaches. As the challenges multiply, the 2000 Information Security Industry Survey explores how to maintain your focus.
"Telecom Goes e-Biz: The Next Wave in Disaster Recovery" , L. Coleman. (CPM, Vol 5, 4, p. 20) Traditional telephone companies aren't just talk; they're rapidly evolving full service suppliers of e-business solutions, with a mission to help protect against digital disaster.
"The Behind-the-Screen Disaster" , D. McCallam. (CPM, Vol 5, 3, p. 34) Many corporations assume that they are too small-scale or too low-tech to be targeted by hackers. Such a naïve approach may have already cost you hundreds of dollars.
"The Hacker Files" , D. Neeley. (SM, July 00, p. 103) A look at hack attack trends and where to go for help.
"The Internet Changes Everything, Techniques and Technology for Continuous Offsite Data Protection" , D. Beeler. (DRJ, Vol 13, 4, p. 58) Changes brought about by the rise of the Internet and Intranets, allowing global access to information from anywhere at any time, have changed the rules when it comes to protecting enterprise data and ensuring continuous availability and recoverability.
"The Technology and Risk Spiral" , J. Kelley. (CPM, Vol 5, 3, p. 28) As more corporations embrace the intricacies of modern computerization, they also invite the vulnerabilities inherent to such high-end environments.
"The Three E's of E-mail and Internet Policies" , M. Drolet. (RM, Vol 47, 7, p. 59) Developing a successful e-mail and Internet policy is as easy as e-e-e: establish a comprehensive policy, educate your employees about it, and enforce-and reinforce-its message.
"(Un)Bridging the Gap" , M. Bobbitt. (IS, Vol 3, 7, p. 34) It's been said that the only way to really secure a system is to take it off the network. That might turn out to be a practical solution, after all.
"Uncompromising Position" , R. Thieme. (IS, Vol 3, 1, p. 52) Where online privacy is in jeopardy, code sniffer RICHARD M. SMITH has been there to uncover it.
"Web of Worries" , G. Kessler. (IS, Vol 3, 4, p. 42) Web security on your mind these days? It should be, 'cause securing your company's Web architecture is a never-ending process.
"What Do You Want, Assured Availability or Recovery?" , C. Anderson. (DRJ, Vol 13, 2, p. 14) Nowhere in today's computer dependent world is the need for continuous operation more relevant and acute than in the arena of 9-1-1 emergency dispatch services.
"Why Benchmark Business Continuity Planning?" , GartnerGroup. (DRJ, Vol 13, 3, p. 12) Benchmarking definitions can vary depending on who uses the terms and for what purposes. After conducting over 6,000 information technology (IT) benchmarking studies, Gartner has developed consensus definitions and models that enable "apples to apples" comparisons of many different facilities.
"Writing and Enforcing Effective Internet Policy" , M. Drolet, K. Young. (CPM, Vol 5, 6, p. 24 ) Through employee education and policy enforcement, "cyber-slacking" can be curtailed.
"Y2K Revisited" , L. Eckhaus. (EMI, Vol 20, 6, p. 1) One year ago, we observed New Year's Eve with uncertainty. How will things be different this time?
"You've Been Hacked…Now What?" , D. Neeley. (SM, Feb. 00, p. 65) Companies are recognizing the need to have their own computer incident emergency response capabilities.
"Zero Tolerance, IT Physical Security More Vital Than Ever" , J. Lyons. (DRJ, Vol 13, 1, p. 32) The drive to maintain a 24x7 IT facility coupled with zero tolerance for disruption in customer service has put data security at the top of every CEO's agenda. For a select few of the biggest corporations, who have the resources to build multiple redundant sites, this problem is manageable. For the vast majority of companies, however, the drive to ensure business continuity in the face of disaster still remains illusive.

PLANNING & MANAGEMENT
"A Case for Web-based Planning" , A. Hagg. (CPM, Vol 5, 5, p. 26) How do you maintain effective contingency plans for a $14 billion company with 84,000 employees and manufacturing facilities in ten countries? CPM Hall of Fame Rich Corcoran of Eastman Kodak does it on the Web.
"A Common Language: Standardizing Risk Data" , E. Morrell, P. Vice. (RM, Vol 47, 1, p. 27) Data standards hold the potential of greater efficiency and flexibility for the insurance industry and its customers, but the two sides must work together to bring this to fruition.
"A World of Possibilities" , S. Harowitz. (SM, Jan. 00, p. 40) As societies and businesses around the global become increasingly interconnected, the risks that must be overcome and the skills need to do so are changing security's world.
"Aesop, a Fabulous Source for Business Continuity Planners" , G. Jacobsen. (DRJ, Vol 13, 1, p. 20) Owing to the "roots" of the business continuity planning discipline in the information technology arena, an emphasis on recovering the information technology (IT) infrastructure is understandable. However, the high level of sophistication that has been developed in disaster recovery methods has resulted in the growth of a vast army of people with IT/DR-oriented skills.
"Alert and Performing Well at 3 a.m., How to Maintain Response Readiness: 24 Hours a Day" , E. Coburn. (DRJ, Vol 13, 1, p. 74) In the world of "99% boredom, 1% terror" jobs, disaster recovery is pretty high on the list. You never know when it's going to hit but you have to be ready when it does.
"Back to Making Money Again…Right?" , D. Pigati. (CPM, Vol 5, 2, p. 24) Join one CEO in a fantastic journey to post-Y2K enlightenment
"Business Continuity Planning 201. Exercising Your Contingency Teams" , P. Rosenthal. (CPM, Vol 5, 3, p. 16) Recognizing a workable BCP plan and making a plan work are two different things. One consultant describes how to trust company tested their life-safety, business resumption, and command center teams.
"Business Continuity Planning Tabletop Exercise White Paper" , J. Hayes. (DRJ, Vol 13, 1, p. 12) The purpose of business continuity planning (BCP) tabletop exercising is to demonstrate to management the ability of one or more critical business processes to continue functionality, within the required time frame, following an interruption.
"Business Continuity Services, Request for Proposal White Paper" , M. Johnson. (DRJ, Vol 13, 1, p. 17) Developing a Request for Proposal (RFP) for technology solutions is a well-accepted practice. It is a method for vendors to recommend enabling solutions that may give your company a competitive edge.
"Chief Risk Officer: Stepping Up" , C. Lee. (RM, Vol 47, 9, p. 22) The CRO offers companies a key to improving business efficiency and bottomline management. But what is the right role, the right responsibilities and the right competencies for the chief risk officer?
"Choosing Web-based BCP Software: Don't Get Caught in the Wrong Web!" , B. Rojas. (DRJ, Vol 13, 3, p. 64) While the move to a web-based product should simplify and streamline planning enterprise wide, moving to the wrong web-based package can leave you with software that simply doesn't work.
"Developing a Positive Relationship with Business & Industry" , T. Sullivan. (DRJ, Vol 13, 4, p. 46) The private sector has a strong interest in the resolution of emergencies, both internal and external to their business site. However, their focus is on the bottom line. The length of time that they are out of production will directly impact the profit margin. This doesn't mean that they are not concerned with the life safety issues-most are. But when streets are blocked off, deliveries are delayed and employees can't get to work or worse if an incident becomes a long-term event, this can be costly.
"Does Your Business Continuation Plan Put You at Risk?" , A. Gliane, J. Ryan. (DRJ, Vol 13, 1, p. 81) A business continuation plan is important for the continued operation of a company involved in a crisis or a catastrophe. Yet as helpful as business continuation plans can be, they may inadvertently expose a firm to lawsuits.
"Does Your Plan Measure Up? , C. McKinney. (CPM, Vol 5, 6, p. 12) Confidence in one's business continuity plan can come only from thorough testing practices. The following four-step process, backed by a real-world case study, offers a manageable, cost-effective approach to plan evaluation.
"Five Steps to Risk Reduction" , E. Jopeck. (SM, Aug. 00, p. 97) Learn to identify and reduce risk by following these five steps.
"Foreign Exposure for Global Property" , J. Ptaszynski. (RM, Vol 47, 5, p. 34) Maintaining property overseas, whether establishing a plant or shipping a product, comes with heavy financial risk. By carefully constructing your insurance coverage and managing the risks through joint domestic and international teams, significant losses can be avoided.
"Hidden Dangers: Taking the Uncertainty Out of Mergers and Acquisitions" , J. Conley. (RM, Vol 47, 4, p. 12) The current rate of consolidation leaves risk managers with little time to evaluate the liabilities of newly acquired companies and their properties, particularly in the area of pollution and environmental problems. The market for new insurance tools to protect against these dangers is growing.
"HIPAA: The Race to Become Compliant" , E. Deveau. (DRJ, Vol 13, 4, p. 54) The primary intent of HIPAA is to provide the public with better access to health insurance, limit fraud and reduce healthcare companies' administrative costs. The Act also mandates that the United States Department of Health and Human Services (DHHS) develop standards and requirements for maintenance and transmission of health information that identifies individual patients.
"History in the Making" , A. Hagg. (CPM, Vol 5, 5, p. 32) History buff Bob Fuhr parlays his favorite subject into a promising business continuity venture.
"How to Cost Justify a Cost Continuation Plan to Management" , C. Gordon. (DRJ, Vol 13, 2, p. 26) It may seem obvious, but occasionally management needs to be reminded that information is a valuable asset and must be protected as such.
"Identifying Early Plan Weaknesses" A quick Questionnaire , D. Swanson. (CPM, Vol 5, 6, p. 16) The use of a self-assessment questionnaire for writers of business unit contingency plans can be an effective way of identifying obvious weaknesses.
"In Search of…Intentional Acts Coverage" , K. Wollner. (RM, Vol 47, 9, p. 43) More and more companies are purchasing employment-related liability products to cover claims arising from intentional acts. But in this seemingly arbitrary legal minefield, what isn't protected may surprise you.
"Increase Your Odds for Business Survival with Proper Insurance Coverage" , J. Elder. (DRJ, Vol 13, 1, p. 70) The impact of insured catastrophic losses can be terminal, even with proper coverages, due to lack of preparation, poor decisions made during a catastrophic loss and allowing the insurance claim process to get out of control. However, with an understanding of the claims process and proper planning the impact of a catastrophic event can be minimized.
"Insurance Tools for Deals Interrupted" , J. Amore. (RM, Vol 47, 10, p. 50) So much can go wrong with mergers and acquisitions-environmental liabilities, political unrest, executive exposures. A proper mix of insurance products can ease the transaction process and help close the deal.
"Integrated Risk Management in the Internet Age" , L. Hernandez. (RM, Vol 47, 6, p. 29) To face the new generation of risks brought on by technological innovation, companies must utilize the integrated risk management approach to draw together resources across the entire organization.
"Knocking the Starch Out of White-Collar Crime" , J. Conley. (RM, Vol 47, 11, p. 14) Many of the most conniving thieves threatening businesses today are already on the payroll. Employee fraud and embezzlement can cost a company millions, and when caught the culprit almost always goes free. Can anything be done to curb these crimes?
"Planning Gets Results" , G. Cramer. (SM, Mar. 00, p. 97) A detailed security business plan can help security compete for the resources it needs.
"Reducing Uncertainties with Catastrophe Models" , J. Smith. (RM, Vol 47, 2, p. 23) Sophisticated predictive technology can help the risk manager answer difficult questions concerning the potential dangers to lives and property.
"Regrouping, Rebuilding, Remaining. Disaster Recovery from a Small Business Perspective" , C. Chastang. (CPM, Vol 5, 1, p. 30) Preparing and protecting your small business from the economic devastation caused by disasters is something many business owners think about after a catastrophe. But, according to small business experts, there is no time like the present to consider how your business would fair in the face of potential disasters.
"Reputation at Risk?" , J. Kartalia. (RM, Vol 47, 7, p. 51) What do Nike, Sara Lee and Coca-Cola have in common? All have experienced brand-marring crises. Prevent such PR disasters from wreaking havoc on your balance sheet by using software systems to monitor your operations and employee activities.
"Risk Management: Understanding the Process" , L. Wenzel. (CPM, Vol 5, 3, p. 22) So how does an organization keep continuity planning alive now the Y2K has come and gone? Through good, sounds risk management.
"So, When Do You Really Need to Update "The Plan"?" , R. Herbert. (DRJ, Vol 13, 3, p. 52) June 1 is the date that most of your Disaster Recovery (DR) Coordinators, Business Continuity (BC) Planners and Contingency Planners (CP) circle on their calendars in Florida for the official start of Hurricane Season. Time to get those DR plans updated and ready to roll in case of a hurricane.
"Supply-Side Contingency Planning" , G. Gilbert, M. Gips. (SM, Mar. 00, p. 70) Contingency planners often forget to consider key elements of the supply chain. Here's what they need to know to prevent supply-chain disasters.
"Taking Stock of the States" , T. Anderson. (SM, May 00, p. 74) Security Management looks at the trends in state legislative activity.
"Talking It Up" , E. Sotallaro. (CPM, Vol 5, 1, p. 15) Perhaps the biggest challenge facing business continuity planners today is convincing key management personnel of the importance of planning. Now more than ever, planners must be skillful and consistent communicators.
"The CPM Perfect Plan 2000" , A. Hagg. (CPM, Vol 5, 5, p. 20) Each year, Contingency Planning & Management magazine invites various vendors to submit a contingency plan for a fictitious company, for whom we have devised a particular range of recovery and planning needs. See what plans this years' participating vendors have devised.
"The Paradox of Bureaucratic Risk Control" , E. Bax. (RM, Vol 47, 2, p. 19) Research results show that in complex, dangerous work environments, employees will create their own, informal sets of rules, sometimes breaking those set by company management. What can we learn from this behavior?
"The Recovery Team Planning Approach" , G. Wold, T. Vick. (DRJ, Vol 13, 4, p. 32) An important aspect of business continuity planning is organizing and structuring the Plan. The most common approach is to develop and structure the Plan using various recovery teams. This article describes the roles and responsibilities related to several of the recovery teams.
"The Value Triad" Integrating BCP with Quality and Performance , S. Baruch, M. Baruch. (CPM, Vol 5, 6, p. 17) Public and private organizations can reduce their costs, risks, and vulnerabilities through the integration of three seemingly independent frameworks: contingency planning, quality management, and performance excellence.
"When Bad Things Happen to Good Businesses" , D. Ray. (SM, Oct. 00, p. 91) By understanding their duty to protect under the legal principle known as civil liability, companies can avoid costly lawsuits.
"When Worlds Collide" , P. Mailes. (SM, April 00, p. 36) Find out how your business can avoid common pitfalls when trying to break into international markets.
"Why You Should Invest in Business Continuity Planning Software" , J. Kern. (DRJ, Vol 13, 4, p. 68) Do you have to use Business Continuity Planning (BCP) software to create a good disaster response and recovery plan? Of course not. Skilled planners were writing good plans years ago armed with nothing but determination and a typewriter.
"Y2K 2 BCP" Achieving Long-Term Value from Millennium Efforts , T. Dolan. (CPM, Vol 5, 6, p. 21) Don't let the time, money, and effort you put into developing a Y2K contingency plan go to waste. Learn how to convert it into an effective business continuity plan.

SURVEYS
"2000 Consultant Survey" , (DRJ, Vol 13, 1, p. 52) DRJ's recent survey of consultants offers up-to-date information for DR planners.
"2000 PC and Mainframe Survey Results" , (DRJ, Vol 13, 4, p. 93) DRJ's two most-recent surveys list some options for your DR Planning Software Selection.
"Long Day's Journey into Knowledge" , A. Etheridge. (SM, Aug. 00, p. 61) As security struggles to become an accepted academic discipline, ASIS leads them movement to link security studies to business schools.
"Security Up in the Air" , C. Slepian. (SM, Nov. 00, p. 54) The shortcomings in airport security can be overcome by analyzing airport facilities, employee supervision, equipment, and security procedures.
"Spring 2000 Other Services Survey" , (DRJ, Vol 13, 2, p. 93) This comprehensive survey focuses on companies who provide services other than alternative sites, software or consulting.
"Summer 2000 Alternative Site Survey" , (DRJ, Vol 13, 3, p. 94) Alternative site vendors who responded to our questionnaire are listed in an esay-to-read matrix form. Details about site location, hardware configurations and communications are included.