by Vic Wheatman - 21 September 2001 The terrorist attacks on the United States on 11 September 2001 are focusing the attention of enterprise decision makers on the urgent need to prepare for disaster recovery — i.e., the steps an enterprise takes when it cannot operate normally because of a natural or manmade disaster. Before 11 September 2001, most enterprises may have thought of a disaster in terms of a snowstorm that hampers operations because key operating personnel cannot reach their positions. Recent events make it clear that the word "disaster" can mean something far more catastrophic — events from which it may take months or even years to recover. This special edition of the Security and Privacy Spotlight examines the issues of disaster recovery, business continuity planning (see "Aftermath: Business Continuity Planning," AV-14-5138), and the tools and services required for both (see "Aftermath: Technology Tools and Services," AV-14-5338). The reality is that many enterprises that experience a disaster never recover. Gartner estimates that two out of five enterprises that experience a disaster go out of business within five years. . . Read more of Aftermath: Disaster Recovery. What Is Crisis Management? by Roberta Witty - 19 September 2001 Disasters and other events that stop normal business processes require that management take immediate action to ensure the health and safety of personnel, and the viability of the enterprise.      The Ripple Effect: Disaster's Indirect Impact by Donna Scott and Bill Gassman - 20 September 2001 The events of 11 September 2001 show that disasters affect even enterprises far from the scene of the event. Enterprises must begin preparing for these ripple effects immediately. Jump-Start the Business Continuity Plan: A Checklist by Roberta Witty - 21 September 2001 The 11 September 2001 terrorist attacks are different in their human and enterprise operational impact from previous disasters. Enterprises must act to ensure their business continuity in the wake of these and possible future events.    Software Change Management: Disaster Recovery Lessons by Vic Wheatman and Chris Morris - 19 September 2001 The failure of the Australian Stock Exchange in 1995 shows the potential cost of even a brief interruption in service, and demonstrates that software change management is critical to uninterrupted operation. Cyberattacks: Prepare Your Enterprise Now by Rich Mogull - 20 September 2001 A significant increase in cyberattacks is likely to follow the events of 11 September 2001. Enterprises must understand this threat and take action to limit their vulnerabilities.    Disaster Recovery: Weighing Data Replication Alternatives by Donna Scott, Josh Krischer and Jon Rubin - 15 June 2001 Enterprises with short disaster recovery time objectives use data replication technologies. We provide a framework for understanding the myriad of available options. Getting Through: Using E-Mail and IM in a Disaster by Joyce Graff, Maurene Grey and Robert Batchelder - 20 September 2001 Standard communications methods can fail during natural and manmade events. However, as recent events have shown, alternatives such as e-mail, two-way paging and instant messaging may help get your messages through.    Disaster Recovery: What Governments Should Do Now by Gregg Kreizman, Christopher Baum and Bill Keller - 20 September 2001 In the period following the terrorist attacks of 11 September 2001, governmental bodies at all levels must reassert themselves and take all necessary steps to ensure the continuity of government services. Disaster Management Plan for Remote Access by John Girard - 20 September 2001 Telecommuting and mobile access can help enterprises cope with emergencies. When disaster strikes, key company locations may go offline or be physically inaccessible. Remote work capability will keep businesses running.