With the Internet increasingly becoming a part of everyday culture, it is imperative that organizations have a business continuity plan in place that includes e-business activities. Management needs to know and understand that information is a valuable asset and must be thoroughly protected, along with ensuring the ability to resume business operations should an incident occur.

E-security must be implemented for successful business resumption to occur, whether an incident is planned for or not.

This book provides a planning method that has been adapted to the requirements of e-commerce, as well as the necessary information to ensure that "protection and recovery of production resources" are continued and maintained.

This technical reference book allows for businesses and organizations to implement prescribed methodologies, which enables them to continue operations in the event of an interruption to the information systems that support their critical business processes. The book also provides information to help identify what impacts to business processes exist if an application or system becomes unavailable for an unacceptable period of time.

With e-security evolving from an IT infrastructure concern to a business concern, enterprises that can recover e-commerce capabilities rapidly, with minimal data loss and downtime, expand their reputation and are considered credible, ready and able, and resourceful. Organizations that do not take this seriously risk loss of revenue and possibly bankruptcy.

The authors examine "the typical business continuity planning model and highlight how the special requirements of e-commerce have shifted the emphasis." The book's design presents guidelines and templates, which are especially useful to the individual who is implementing business continuity planning in an e-commerce environment.

The book is organized in a manner that is easily understood. It covers the following areas with a strategic approach:

• Business continuity planning and evaluation
• Business assessment
• Strategy selection
• Plan development
• Testing and maintenance

The reference guide is enhanced further with the inclusion of an audit program and an internal control questionnaire, which is especially valuable with direct reference to COBIT® (Control Objectives for Information and related Technology).

The target audience for this book includes business managers, security and audit professionals, and educators and students who focus on information security and business continuity and/or disaster recovery planning, as well as others concerned with limiting risk.

This book is an extremely useful management tool for identifying the optimum, and most cost-effective, methods and controls. It is an excellent resource that not only provides planning techniques, but also the precautions and the procedures that organizations should use or apply since e-commerce is such a unique business component.

Editor's Note:

E-commerce Security—Business Continuity Planning is available now from the ISACA Bookstore. For information see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail bookstore@isaca.org or telephone +1.847.253.1545, ext. 401.

Other guides in the e-Commerce Security series include:

• Securing the Network Perimeter
• Public Key Infrastructure: Good Practices for Secure Communications
• Trading Partner Authentication, Registration and Enrollment
• A Global Status Report
• Enterprise Best Practices

Linda M. Kinczkowski, Ph.D.
is the graduate program coordinator for the information security program at Eastern Michigan University (USA). She belongs to several associations including ISACA, ASIS, ISSA and ASLET.