In one variation or another, the speculative demise of someone like George strikes a familiar theme in watercooler conversations across the United States. Many companies' dependence on information technology has left them vulnerable to unexpected disasters that could shut down or disrupt the electronic network and everything wired to it — along with essential business operations. The risk is amplified when separate business functions have integrated through IT and also by the mutual dependence of several companies along a supply chain.

Planning for business continuity and disaster prevention have also become hot topics at seminars, in Georgia Tech classrooms and in the business press in recent years.

According to security expert Thomas E. Noonan, ME 83, a business-continuity plan is more than just a good idea, it is essential.

"A good business-continuity plan in terms of critical infrastructure — meaning the cyber infrastructure — clearly focuses first on minimizing the opportunity for disaster to happen in the first place," said Noonan, chairman, CEO and co-founder of Atlanta-based Internet Security Systems, which produces and markets a range of Internet products and services worldwide.

Business-crippling IT disasters run the gamut from tornadoes to cybervandalism, Internet hackers and acts of terrorism. Even accidents — coffee spilled on critical backup tapes, for instance — could bring disastrous consequences by impeding or halting the ability to conduct business.

Noonan said that much progress has been made over the past few years, pointing to the establishment of the National Infrastructure Advisory Council to provide President George W. Bush with recommendations regarding the security of the cyber and information systems of national security and economic-critical infrastructures.

Speaking at the Atlanta SecureWorld Expo last fall, Richard DeMillo, Imlay dean and distinguished professor of computing at Georgia Tech's College of Computing, said that antiviruses, firewalls and virtual private networks will be deployed in 95 percent of all organizations by next year. Drawing from a survey of IT professionals conducted last year, DeMillo added," By 2005, 60 percent of organizations will have both intrusion detection systems and vulnerability analysis tools deployed, up from only 7 percent in 2001."

A survey conducted two years ago by AT&T revealed that one in four U.S. companies do not have any kind of business-continuity or disaster-recovery plans in place, and of those that do, one-fifth have not tested their plans in the past five years.

Those findings prompted AT&T to commission a series of new studies. Georgia Tech was one of five universities receiving grants to analyze a particular industry segment in terms of best practices in business continuity and disaster recovery.

Naresh Malhotra, Regents' professor of marketing, and Saby Mitra, associate professor of information technology, examined the travel and leisure industry and developed a business-continuity framework.

Among the report's key recommendations to help companies develop a plan for continuity and data security: