- Email: [email protected]
workshop approach
Book Reviews The "funnel" approach that Berg and Schumny have utilized accentuates this feeling of unease. The opening of the book - the keynote speech and other comments on the process - paint a picture of a healthy and vibrant industry that is meeting challenges that are confronting it; there is, to be sure, a plague, but this can be fixed by solving the riddle that confronts us of understanding the process. In such a manner did Oedipus Tyrannus open. The remainder of the book moves along the line of Oedipus: as more and more facts gather, it appears that the system may have more problems than originally anticipated - and these problems appear to be more severe than feared. While there is no article that, from a practical or theoretical point of view, condemns the system, the IT standardization industry is bereft of Tiresias, who can tell us the cause of our plague. We are left to puzzle that out ourselves, and in so doing, may escape the curse of Oedipus. The articles in the volume portray an industry in transition - from a heavy industry bias in standardization to a bias that favors the knowledge worker (Peter Drucker's concept that is nearly thirty years old). The knowledge worker - the ultimate user of I T products - needs a different type and form of standards than the current system is able to produce. The current standards are focused on the belief that the user cares about how the systems interconnect, and is willing to learn and spend time helping the providers in this arena. Instead, I would posit the evolving model that says that the users expect the tool to work and that they don't really care how it works as long as it meets their needs. In effect, the users are saying that the tools are expected to interoperate; this is a requirement levied upon the providers. The compelling need for standards in the IT industry is moving to another arena. Just as the need moved from signal standards to data standards to information standards, the move is now to knowledge standards - that is, standards that help the user use, in a standardized manner, the tools that the industry has created. If the current volume is read with this in mind, there is little there to give hope. Most of the articles are " p a s t looking" articles; they focus on the past as a model for the future; this cannot be allowed to happen. One hopes that there will be an INSITS II, at which there will be continued European as well as
263
Asian and US participation, and in which someone will posit a new model for standards, in which possible user participation to create standards which help users use the products of the I T industry is examined. Even more it is hoped that the participants in the next INSITS have read the current volume and understand that they should build upon it. In conclusion, the current volume is necessary reading for anyone who wishes to understand the making of a crisis in I T standardization and standards. It will not provide the necessary understanding for someone who is entering the field; consider it an advanced text that is worth reading for the concepts that it contains, and for the ideas that it can and will provoke. It is only hoped that the next I N S I T S will begin where this one concludes, and that the next will begin to answer some of the questions that this one has raised.
Reviewed by: Carl Cargill
Handbook of Effective Disaster/Recovery Plannin~ A Seminar/Workshop Approach, by Alvin Arnell. McGraw-Hill Publishing Co, New York. Illustrated, Index, Appendices, Glossary. ISBN: 0 07 002394 8. This book is not a dictum on how to conduct disaster recovery planning. Rather, it is a tickler for the monitor and participants of a disaster and contingency planning workshop. Its flexibihty is designed to address the variety of different types of environments and identify the appropriate recovery measures. It addresses the options for onsite, hot-site, and cold-site contingency planning; as well as a brief cost benefit analysis for each measure. An advanatage of the workshop approach is its flexibility to adapt to the specific needs of each system within an organization, as well as acknowledgement that not all systems require the same types of disaster and contingency planning. Anticipation of a particular emergency eliminates naive security and encourages team participants to identify appropriate plans should a disaster occur at the data center or user site. The types of planning are clearly defined by security disciplines (i.e. operations, facihty, personnel, user community, communications, etc.);
264
Book Reviews
types of emergencies which may or can be relied upon to occur; prevention techniques; recovery issues. The manual is extensive in assisting the reader to understand resources and recovery techniques should an emergency arise. It does not presuppose a benign environment or that the geographical location is subject to turmoil. The types of external and internal catastrophes which can affect a system are available for the team and monitor to reference and identify as viable situations which require a plan of action. The reader will find forms, lists, task assignments, identification of teams and their responsibilities, and system documentation necessary to plan and implement disaster recovery programs. Different teams are defined in response to various types of disasters which may arise. Particular note should be taken of the realistic fashion in which the personnel resource reliability factor is identified. This is exemplified in the acknowledgement that team leaders and members may place precedence upon family and hfe saving responsibilities over the survival of a system. Identifying this type of situation enables the team to
realistically evaluate the reliability of resources and determine the necessity of off-site personnel to assist in recovery. Testing measures (i.e. dry runs, cold boot, evacuations, off-site restart processes) for the plans are defined and scheduled. Prescribed review time frames for each plan's components are provided. If there is a negative criticism of this book, it is in the limited definition of how to effectively use communications during a disaster. Communications, repeatedly defined as a critical aspect, lacks extensive integration into team planning. This may leave a novice planner, relying upon communication alternatives unprepared should links be affected or unrecoverable. If you are bored with dry manuals and dictums inherent in D A R P and contingency planning, this is the book for you. And, if you have a sense of humor coupled with the desire to provide your system with preventive, contingency and recovery plans defined in a realistic manner; this is a book you should read, apply, and reference.
Reviewed by: B.L. Stein-Verbit
263
Asian and US participation, and in which someone will posit a new model for standards, in which possible user participation to create standards which help users use the products of the I T industry is examined. Even more it is hoped that the participants in the next INSITS have read the current volume and understand that they should build upon it. In conclusion, the current volume is necessary reading for anyone who wishes to understand the making of a crisis in I T standardization and standards. It will not provide the necessary understanding for someone who is entering the field; consider it an advanced text that is worth reading for the concepts that it contains, and for the ideas that it can and will provoke. It is only hoped that the next I N S I T S will begin where this one concludes, and that the next will begin to answer some of the questions that this one has raised.
Reviewed by: Carl Cargill
Handbook of Effective Disaster/Recovery Plannin~ A Seminar/Workshop Approach, by Alvin Arnell. McGraw-Hill Publishing Co, New York. Illustrated, Index, Appendices, Glossary. ISBN: 0 07 002394 8. This book is not a dictum on how to conduct disaster recovery planning. Rather, it is a tickler for the monitor and participants of a disaster and contingency planning workshop. Its flexibihty is designed to address the variety of different types of environments and identify the appropriate recovery measures. It addresses the options for onsite, hot-site, and cold-site contingency planning; as well as a brief cost benefit analysis for each measure. An advanatage of the workshop approach is its flexibility to adapt to the specific needs of each system within an organization, as well as acknowledgement that not all systems require the same types of disaster and contingency planning. Anticipation of a particular emergency eliminates naive security and encourages team participants to identify appropriate plans should a disaster occur at the data center or user site. The types of planning are clearly defined by security disciplines (i.e. operations, facihty, personnel, user community, communications, etc.);
264
Book Reviews
types of emergencies which may or can be relied upon to occur; prevention techniques; recovery issues. The manual is extensive in assisting the reader to understand resources and recovery techniques should an emergency arise. It does not presuppose a benign environment or that the geographical location is subject to turmoil. The types of external and internal catastrophes which can affect a system are available for the team and monitor to reference and identify as viable situations which require a plan of action. The reader will find forms, lists, task assignments, identification of teams and their responsibilities, and system documentation necessary to plan and implement disaster recovery programs. Different teams are defined in response to various types of disasters which may arise. Particular note should be taken of the realistic fashion in which the personnel resource reliability factor is identified. This is exemplified in the acknowledgement that team leaders and members may place precedence upon family and hfe saving responsibilities over the survival of a system. Identifying this type of situation enables the team to
realistically evaluate the reliability of resources and determine the necessity of off-site personnel to assist in recovery. Testing measures (i.e. dry runs, cold boot, evacuations, off-site restart processes) for the plans are defined and scheduled. Prescribed review time frames for each plan's components are provided. If there is a negative criticism of this book, it is in the limited definition of how to effectively use communications during a disaster. Communications, repeatedly defined as a critical aspect, lacks extensive integration into team planning. This may leave a novice planner, relying upon communication alternatives unprepared should links be affected or unrecoverable. If you are bored with dry manuals and dictums inherent in D A R P and contingency planning, this is the book for you. And, if you have a sense of humor coupled with the desire to provide your system with preventive, contingency and recovery plans defined in a realistic manner; this is a book you should read, apply, and reference.
Reviewed by: B.L. Stein-Verbit