xvi Foreword by Mr. Paul Kurtz
rorist incident, natural disaster, or other disruption. It is crucial for any
business or organization to plan its survival following the loss or denial of
access to buildings, a significant number of staff, their IT systems, impor-
tant records and information, or myriad other assets they depend upon to
operate successfully.
I have learned in my career that one can never plan enough to mitigate
all of the effects of a disaster. I have been privileged to participate in strate-
gic planning for many unforeseen events; such experiences expose the mag-
nitude and scope of devastation and destruction with which people close to
the event must contend. In the middle of such unforeseen events, there is
little one can do to stop an explosion, a volcano, flood, fire, or myriad other
things that we see happen every day in our instant-news environment.
What one must realize is that the distinguishing factor between coping suc-
cessfully with such events or being totally overwhelmed and unable to cope
at all is the amount of planning and preparation that takes place before the
event occurs. This, of course, does not mean preparation and planning will
insulate those who take such steps from the explosion’s effects, or from the
waters of a flood, but it does mean that their likelihood of preventing
greater damage or of lessening the effects of damage is greater than that of
someone who did nothing. While no amount of planning can magically
defray the effects of a disaster, planning and preparation can help reduce the
after-effects and aid in recovery after such events.
In Business Continuity and Disaster Recovery for InfoSec Managers, Drs.
Rittinghouse and Ransome present a thorough, well-structured explanation
of the need for taking such preventative measures. They have carefully
crafted a presentation of the material that is crucial to help any organization
develop a set of contingency plans that will assist in the recovery process.
The book is clearly business oriented, and from the very first page, the
authors emphasize the need to understand what can happen and why the
organizations that survive such events are the ones that have prepared for
their mitigation and recovery. They candidly point out that organizations
that fail to do so generally do not survive the effects of an event.
In Chapter 1, they present the issue of planning, distinguishing between
the contingency and continuity planning processes and explaining each facet
of planning that an organization must undertake to create a successful Busi-
ness Continuity Plan. They even cover the steps necessary to organize a
project team to build the plan. In Chapter 2, the process of risk assessment is
covered thoroughly. It is impossible to cover every conceivable aspect of busi-
ness risk assessment in any book, but the authors have presented a cogent
approach for businesses that allows planning teams to look at what is possible