StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Trusted computing base / Business reasons for a BCP and a DRP - Research Paper Example

Cite this document
Summary
The concept of a “trusted computing base” Trusted computing base was first defined by as the combination of kernel and trusted process that allow violation of the systems access and control regulations (Rushby, 1981)…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER99% of users find it useful
Trusted computing base / Business reasons for a BCP and a DRP
Read Text Preview

Extract of sample "Trusted computing base / Business reasons for a BCP and a DRP"

Number: Lecturer The concept of a “trusted computing base” Trusted computing base was first defined by as the combination of kernel and trusted process that allow violation of the systems access and control regulations (Rushby, 1981). Lampson further defined it as a small amount of software and hardware that security depends on and that we distinguish from a much larger amount that can misbehave without affecting security (B. Lampson, 1992). From these two definitions therefore, trusted computing base can be terminology in computer security meaning a set of all the components including hardware, software, procedures and all other relevant components that are critical and essential to enforcing the security of the entire system.

In essence any vulnerability that may be faced by the trusted computing base will jeopardize the security of the entire system. This aspect places the TCB as a major and critical element of any system (Merkow & Breithaupt, 2006). For this reason the TCB should be carefully designed and implemented in order to realize a reliable system security. To achieve this modern operating system have immensely reduced the size of the TCB to a reasonable capacity that can easily be exhaustively examined and audited more effectively and efficiently (Merkow & Breithaupt, 2006).

The boundaries and scope of a TCB is defined at the organizational level by a security policy that is used in the organization. The development of a security policy should therefore be done exceptionally well so as to incorporate a well structured TCB. It is therefore evident that the TCB boundary is determined by the target of evaluation (TOE) in the security process. The target evaluation in any normal scrutiny of the system and the subcomponents, the list of components and the boundary under scrutiny should be determined before hand (Rushby, 1981).

According to the orange book this concept is further explained that the ability of a trusted computing base to enforce correctly a unified security policy entirely depends on the accuracy of the mechanisms within the trusted computing base, the protection of those mechanisms to ensure their correctness and the correct input of parameters related to the security policy (B. Lampson, 1992). This basically means specific resources such as hardware and software are part of the TCB if it has specifically been designed to provide the security to the computer system.

In the modern computer systems TCB is responsible for authenticating and controlling access by the users and their programs to files/file systems, memory and peripherals. Additionally the TCB is also responsible for the integrity checking of the communication path between the user and the computer. A report by James p. Anderson lays out some principles that a TCB must subscribe to (Rushby, 1981): 1. The process of decision making and the arrival at the decisions must not be tampered with. 2. It is fundamental that the TCB is always involved in security decision making. 3. The TCB must be of small size to allow exhaustive analysis and testing to assure its accuracy and correctness.

References B. Lampson, M. A. (1992). Authentication in Distributed Systems: Theory and Practice. ACM Transactions on Computer Systems . Merkow, M., & Breithaupt, J. (2006). Information Security: Principles and Practices. New Jersey: Pearson Education. Rushby, J. (1981). "Design and Verification of Secure Systems". 8th ACM Symposium on Operating System Principles. Pacific Grove, California, US. 2. What are the different business reasons for a BCP and a DRP? Business continuity plan and disaster recovery plan are two terms that are mostly used interchangeably.

However there is a slight difference between the two terms as used in business systems (4service Inc, 2012). Data Recovery Planning is concerned with the recovery of systems and infrastructure components incase of any failure in the system on the other hand Business Continuity Planning is concerned with a wider scope that involves the determination of which system components and functions need to be restored and those that may be ignored (IBM, 2011). In the current technological age all organization are employing technology and information systems to carry out their day to day activities.

This information systems and technology are vulnerable to threats and as a result lead to loss of data and information, unauthorized access and manipulation of data and information and the eventual alteration of the activities in the organization. For this reasons the use of BCP and DRP are inevitable to minimize losses, unauthorized access and also minimize impacts as a result of these threat (Merkow & Breithaupt, 2006). From a business perspective, the ultimate goal and importance of having a BCP and a DRP is basically to ensure there is business continuity even when there is technical or system failure in the business.

This minimization of interruption to business operation reduces the loss in monetary terms and time in the business. It also minimizes disruption to suppliers and customers thus enhancing acceptability, credibility and integrity of the business. According to the British standard BS 31100 BCP identifies the potential threats to the organization and the impacts that this threats may have on the business in the event of their occurrence. The BCP thus builds organizational resilience and preparedness for any eventuality and ensures continuity of business.

This safeguards and protect s the interests of their stakeholders. The DRP aides in the event of an occurrence of a disaster, this provides laid down procedures and documented and tested recovery plan (IBM, 2011). References 4service Inc. (2012). importance of business continuity planning. Retrieved March 20, 2013, from 4service: http://www.4service.com/importance_of_business_continuity_planning.asp IBM. (2011, August 1). disaster Recovery and business continuity. Retrieved March 21, 2013, from IBM: http://www-304.ibm.com/partnerworld/gsd/solutiondetails.do?solution=44832&expand=true&lc=en Merkow, M.

, & Breithaupt, J. (2006). Information Security: Principles and Practices. New Jersey: Pearson Education.

Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Trusted computing base / Business reasons for a BCP and a DRP Research Paper”, n.d.)
Trusted computing base / Business reasons for a BCP and a DRP Research Paper. Retrieved from https://studentshare.org/information-technology/1471205-trusted-computing-base-business-reasons-for-a-bcp
(Trusted Computing Base / Business Reasons for a BCP and a DRP Research Paper)
Trusted Computing Base / Business Reasons for a BCP and a DRP Research Paper. https://studentshare.org/information-technology/1471205-trusted-computing-base-business-reasons-for-a-bcp.
“Trusted Computing Base / Business Reasons for a BCP and a DRP Research Paper”, n.d. https://studentshare.org/information-technology/1471205-trusted-computing-base-business-reasons-for-a-bcp.
  • Cited: 0 times

CHECK THESE SAMPLES OF Trusted computing base / Business reasons for a BCP and a DRP

The Impact of New Media on CRM-Systems

hellip; This research aims to suggest new and innovative ways of maximizing the changing face of the media; expose business owners, employers and managers to the basic needs and expectations of the customer in the running of businesses; enhance communication in the organization; maximize the influence of new media on customer relationship management system.... The intention of this study is growing a business as a practice that business owners, employers and managers do not have an option to....
41 Pages (10250 words) Thesis Proposal

Business Information System

Projects related information system may experience set backs because of the failure in imparting fair practice by individuals and organisations.... The reason for this problem can be attributed to lack of professionalism in the IT industry at the individual level as well as group level. ... hellip; ...
18 Pages (4500 words) Essay

Accounting Information System: Security, Privacy and Other AIS Issues

And such disaster recovery through various data recovery models will offer the business continuity to the Accounting Information System.... This essay describes the accounting Information System (AIS) and especially discusses the issues about it's security, privacy and other issues....
13 Pages (3250 words) Essay

Retail sales in the UK 1986-2008: An empirical investigation

n this global market every component of business from manufacturing, marketing, distribution and others each got specialized.... This is one area of function which is active at each phase of business process i.... According to British Retail Consortium (2009) “UK retail sales were £278 billion in 2008, of which sales by predominantly food stores were over £127 billion....
34 Pages (8500 words) Essay

The UK Retail Industry Business Environment

From the paper "The UK Retail Industry business Environment " it is clear that environment analysis has become an important way and method in analyzing a firm position.... Kanter (1995:71) on his work of “Mastering Change” argues that success in the present-day business is not for those companies that re-engineer the way they do things, or for those fixing the past.... The conventional vertical integrated company based business model is gradually being replaced by a collaborative relationship between many fragmented, but complementary and specialized value stars and constellation (Wu & Chien: 1)....
27 Pages (6750 words) Case Study

Data Envelopment Analysis in Health Care

Since data envelopment analysis (DEA) was initially brought in by Charnes, Cooper and Rhodes in 1978, the just authoritative technique has been vastly advanced and utilized to evaluate the comparative efficiencies of multiple-response multiple-output decision-making units… The acceptance of DEA is because of its capacity to measure comparative efficiencies of multiple-input and multiple-output DMU's devoid of early masses on the contributions and productions....
19 Pages (4750 words) Thesis

Managing People in XYZ Company

The XYZ Company has decided to analyze their existing business strategy, the internal strength and weakness along with external opportunities and threat to analyze what can be the other suitable strategies which will help the organization to retain the high growth rate and market leadership.... The business plan will be made and evaluated to introduce the new strategy for retaining an organization's competitive position and also for enhancing sustainable growth in the coming future....
12 Pages (3000 words) Research Paper

An Invention of a Ubiquitous Access Management System

This essay discusses an invention of a ubiquitous access management system (UbAMS) by comparing the existing federated access management systems (FAMS) according to different criteria.... It provides personalization features, alongside compliance with accessibility and usability standards.... hellip; UbAMS will provide access to users to their web accounts and services from any access management system rather than providing access to a specific set of systems....
12 Pages (3000 words) Research Paper
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us