Richard Henson University of Worcester February 2017

1 COMP3371 Cyber Security
Richard Henson, University of Worcester, February 2017

2 Week 3: Data, Information and Organisations
Objectives:
- Explain why, before an ISMS can even be considered, information flows between an organisation and the rest of the universe need mapping, and actually do this
- Explain why it is also important to gather information to map information flows within an organisation, and do this as well

3 Organisations and Systems
As already discussed:
- each organisation has a purpose
- each organisation is different! No template ISMS is therefore possible
- Normally, the organisation creates some kind of system to enable it to fulfil its purpose!

4 Inputs and Outputs
- Many organisations decide to produce something...
  - and then sell it to people (B2C) or organisations (B2B) who become their customers
  - but they need to get the stuff to make it, first...
(diagram: input -> organisation -> output)

5 Machinery, Tools and Consumables (developing the system - 1)
- Before they start up as a business, the founders need to do a lot of planning and answer a lot of questions...
  - how will they get customers (website? other channels?)
  - how will they get their product (outputs) to their customers?
  - how will they get the right raw materials (inputs) to make that product?

6 Machinery, Tools and Consumables (developing the system - 2)
- Also...
  - what tools and machinery do they need to make the product? (requires expenditure)
  - how will their equipment be maintained?
  - what government departments need to be involved when they start trading?
  - what sort of information will the government need?

7 Developing a System
- All organisations set up a system to cope with all the inputs and outputs
  - inputs and outputs could be things or data
  - as part of their planning, they draw diagrams showing flows for both
  - usually they stick to the plan to get the business running, so the system works

8 Getting out of Control!
- Then... if the business succeeds...
  - the system grows
  - busy running the business, they concentrate on their purpose, which they should be realising through meeting their business objectives
  - may well find they are spending more than expected to keep that system going
  - won't necessarily update the plan... 10 years later they may not have a clue about their current information flows!

9 Developing a Context Diagram
- Get the plan to manage information BACK INTO FOCUS
- lot of talk about Business Transformation
  - first stage is to establish where the business is NOW!
- start with a context diagram
  - useful also from an information security perspective!
- then look at flows within the organisation

10 External Entities
- Any external organisations that share information with the business
- Could be a lot of them...
  - suppliers: of products and services
  - business customers
  - government bodies
  - private sector
  - industry bodies (local or national)

11 Suppliers
- Businesses:
  - that provide raw materials
  - that provide equipment & consumables
  - that provide services
- All have important information flows
  - each has an individual channel for information flow
  - each needs to be categorised as H, M or L risk
  - risk quantified in terms of the consequences of losing data

12 Customers
- Need to have details to supply goods
- Could be business or consumer
  - both involve confidential data
  - but consumer data is protected by law!

13 Government Agencies
- Companies House & Tax Office
  - if registered as a business
- Local Government
  - payment due for business premises

14 Private Organisations
- Accountant
- Web site provider
- Media (advertising)
- Internet access provider
- Solicitor
- Business support organisations
- Others...

15 Information Flow to Externals list (and risks...)
- A business exchanges information with a lot of organisations
  - the organisation will be surprised at how much information needs to go in and out
- the information flow to each external entity needs to be "risk assessed"
- convenient to create a list, with one row per external:
  External | Type of information | Risk level (H, M or L)

16 Drawing that Context Diagram
- Provided that all externals are listed... should be easy to complete
(diagram: the internal system, the externals and the data flows between them)

17 Events
- Processing events within the system
  - identify those that could in theory cause a data breach
  - e.g. customer places order
  - e.g. management requires sales report

18 System within a System
- Inside the business system boundary...
  - Orders have to be processed
  - Purchases have to be made
  - Accounting has to be quantified
  - Others?
- All of these need data flows, data processing, data storage... mapped through Data Flow Diagrams

19 Scope
- With large organisations, it may be useful just to focus on information risk in a small part of that organisation
  - scope defines the system boundary from a risk assessment (and even information assurance) perspective
- Context diagram still possible...
  - rest of the organisation also represented as "externals"

20 Data Flow Diagrams (DFDs)
- Arranged in a hierarchical order: Level 1... level 2... level 3, etc.
- For high-level risk analysis, DFD level 1 is sufficient

21 Level 1 DFDs
- Identify top-level processes within a system
- Each process should interface with an external
- Processes may have associated data stores, or pass data direct to further top-level processes, or both

22 DFD symbols
(diagram: the symbols for Process, Data Store and Data Flow)

23 High, Medium or Low Risk?
- Internal processes are only manipulated by employees
- Still important to identify flows and stores as involving high, medium or low risk data
- As with external flows... the value of that data to the organisation is an important factor in assessing risk
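As an added illustration (not part of the slides), the externals list from slide 15, the "each process should interface with an external" rule from slide 21 and the H/M/L rating of internal stores from slide 23 can all be checked mechanically once a Level 1 DFD is written down as data; the entity names, flows and ratings below are constructed sample data, not taken from the presentation.

```python
from dataclasses import dataclass, field

RISK_ORDER = {"L": 0, "M": 1, "H": 2}   # slide 11: each flow is rated H, M or L

def max_risk(levels):
    """Highest of some H/M/L labels (None if nothing has been rated)."""
    return max(levels, key=RISK_ORDER.__getitem__, default=None)

@dataclass
class Flow:
    src: str    # an external, a process or a data store
    dst: str
    info: str   # type of information carried
    risk: str   # consequence of losing this data: "H", "M" or "L"

@dataclass
class Dfd:
    externals: set
    processes: set
    stores: set
    flows: list = field(default_factory=list)
    def externals_register(self):
        """Slide 15's list: external -> (types of information, overall risk)."""
        per_ext = {}
        for f in self.flows:
            for end in (f.src, f.dst):
                if end in self.externals:
                    per_ext.setdefault(end, []).append(f)
        return {e: (sorted({f.info for f in fs}), max_risk(f.risk for f in fs))
                for e, fs in per_ext.items()}
    def processes_without_external(self):
        """Slide 21: every top-level process should interface with an external."""
        ok = {f.dst for f in self.flows if f.src in self.externals}
        ok |= {f.src for f in self.flows if f.dst in self.externals}
        return sorted(self.processes - ok)
    def store_risk(self):
        """Slide 23: a data store is as risky as the riskiest flow touching it."""
        return {s: max_risk(f.risk for f in self.flows if s in (f.src, f.dst))
                for s in self.stores}

# Constructed sample (not from the slides): a small retailer's Level 1 DFD.
SAMPLE = Dfd(
    externals={"Consumer", "Tax Office"},
    processes={"Process Order", "Make Purchase", "Run Accounts"},
    stores={"Customer DB", "Ledger"},
    flows=[Flow("Consumer", "Process Order", "name, address, card", "H"),
           Flow("Process Order", "Customer DB", "customer record", "H"),
           Flow("Process Order", "Run Accounts", "sale value", "M"),
           Flow("Make Purchase", "Ledger", "purchase cost", "L"),
           Flow("Run Accounts", "Tax Office", "VAT return", "M")])
```

On the sample, the register rates the Consumer channel H and the Tax Office channel M, "Make Purchase" is reported as touching no external (the supplier flow is missing, so the diagram is incomplete), and the Customer DB store inherits H from the card-data flow.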

24 Risk and Resources
- Results from risk assessment...
  - organisation more aware of what needs to be protected most
  - take steps to reduce vulnerabilities
- If information is high risk...
  - more resources to protect the data; put it in a safer place (cost?)
  - greater training for staff involved with that data
  - penalties for data mismanagement?

