(1) List two ways to build visual model
of your system.
A data flow diagram DFD components help
in understanding the out flow of information for any process or system. Symbols
such as rectangles ,circles, and arrows are use. On top of it short sentences
are also written to show data inputs and the work of the medium. Short
sentences can briefly describe outputs storage points and the path between
every destination. Data flow diagram can be simple and can be drawn on a piece
of paper to explain the process or system or it can be drawn in depth with
multi-level Data flow diagram that gives the picture of the process in depth
and with so much of detail. It’s components helps in understanding the working
of the organization and help in deciding what should be done to improve or in
making new model for the company. Through picture, drawing, short sentences and
visual presentation it becomes easier to understand the process of the business
as sometimes words can be difficult to understand for some people.
It is crucial to mention that Data Flow
Diagram were popularized in the late 1970s arising from the book structured
design, by computing pioneer Ed Yourdon and Larry Constantine. There were other
contributors too contributing to the development of data flow diagram from Tom
DeMarco, Chris Gane and Trish sarson hence the name of the symbols and notations
comes from their name Yourdon and Coad, Yourdon and DeMarco, Gane and Sarson.
One main difference in their symbols is that Yourdon-Coad and Yourdon-DeMarco
use circle for processes while Gane and Sarson use rectangles with rounded
corners, sometimes called lozeges. There are other way of symbol variation in
use as well. It is crucial to keep in mind few rules and tip when creating a
data flow diagram, they are as follows:
All the process in DFDs should have one input and an output or
The data store should
have at least one data flow in and one data flow out.
Data stored in a system must go through a process.
All processes in a DFD go to another process or a data store.
A Swim lane which is also known as
SwimLane diagram is a type of flowchart in which it also clarifies who does
what in the process. It gives visual representation of connections,
communication and handoffs between different organization level and it also can
show inefficiency of the employee or wastage in the process. Other names given
to Swim lane diagram is Rummler-Brache diagram or cross-functional diagram.
They are called functional bands too.
Swim lane diagram was first published in the year 1990 in Geary Rummler
and Alan Brache book, improving processes.
There several benefit of using
swimlanes they are as follows:
It makes sure person who looks at swim
lanes diagram knows what is happening in the company and everybody know what
every body is doing.
Since everyone is aware of what
everyone is doing, there is less chances of duplication of work. For example,
different departments doing the same work. It even cuts down on unnecessary
step in the process.
A second swim diagram can be used to
model a better way of doing things in the organization. Swimlane can be used to
officially integrate processes between teams or departments, which will result
in healthier day-to-day working process of the organization. It introduces
parallel or vertical or horizontal lines in which steps process are by actors.
That are: work group department, employees and An information system.
What is the best definition of a trust boundary?
A trust boundary can be described as the line made through a
program. The line divide one side as trusted and the other side as untrusted.
The purpose of the trust boundary is to allow only trusted data to cross the
drawn line into information security system. This process also can make an
untrusted data to trusted through the program. Hackers can infiltrate the
information system through sending untrusted with trusted data which makes it
difficult for the programmers to understand whether the data is to be trusted
The point of entry of data across trust
boundary should be examined for security purpose.
It doesn’t mean you must encrypt or that you must authenticate, but as you analyze the
connection for vulnerabilities, you may discover that encryption and/or
authentication remediates the issues.
What are the 3 most essential questions to ask in threat modeling?
are you building?
can go wrong?
are you going to do about it?
In the Star Wars mnemonic, what threat does Luke Skywalker embody?
In the Star Wars mnemonic, Luke Skywalker embody Elevation of privilege
Kind of a threat.