In the wake of recent disasters—both natural and man-made—business continuity planning has become increasingly important to many organizations. Disasters such as floods, hurricanes, tsunamis, tornadoes, terrorist attacks, prolonged power outages, and the like can cause significant disruptions to an organization. Business continuity planning (or BCP) is a methodology used to create a plan for how an organization will resume partially or completely interrupted critical function(s) within a predetermined time after a disaster or disruption. BCP was used in many industries to anticipate and handle potential computing problems introduced by crossing into the new millennium in 2000, a situation generally known as the Y2k problem. Regulatory agencies subsequently required certain important industries—power, telecommunication, health, and financial—to formalize BCP manuals to protect the public. Those new regulations are often based on the formalized standards defined under ISO/IEC 17799 or BS 7799.
Although business focus on BCP arguably waned somewhat following the Y2K transition (mainly due to its success), the lack of interest unequivocally ended on Sep. 11th, 2001, when simultaneous terrorist attacks devastated lower New York City. Many critical functions for many different organizations were lost and not restored for sometime. This tragic event changed the worst case scenario paradigm for business continuity planning.
Today, BCP may be a part of a larger organizational effort to reduce operational risk associated with poor information security controls, and thus has a number of overlaps with the practice of risk management. However, the scope of BCP extends beyond information security only. Part of good business continuity planning includes an accurate accounting of computing assets and resources that an organization possesses. Many organizations track their hardware assets by manually placing bar code labels on computers, monitors, etc. and then scanning those labels to create an electronic record of the assets. Unfortunately, over time, this data becomes stale as computers and monitors are moved or replaced, and applications are updated, deleted, or changed out. Moreover, the process of collecting the information initially is manually intensive and prone to inaccuracies.
Accordingly, there remains a need for improved techniques in building and maintaining a current and accurate inventory of computing resources within an organization.