ABSTRACT
Business resumption and disaster recovery planning is probably the part of information security that is
easiest to overlook and postpone. Perhaps that is because few people actually enjoy preparing a business
resumption plan. Like insurance, it is something one hopes is never needed; and because it is an inexact
science at best, one is rarely sure that it has been completed correctly. More often, however, no one
intentionally delays business resumption planning; it just does not happen-because of other job
pressures, deadlines, and more seemingly urgent demands on one’s time.
