Data security diagrams

Data is considered an asset of the enterprise, and data security means ensuring that enterprise data is not compromised and that access to it is suitably controlled. The purpose of the data security diagram is to depict which actor (person, organization, or system) can access which enterprise data. This relationship can be shown in matrix form between two objects or as a mapping. The diagram can also be used to demonstrate compliance with data privacy laws and other applicable regulations (HIPAA, SOX, etc.). It should also consider any trust implications where an enterprise's partners or other parties may have access to the company's systems, such as an outsourcing arrangement in which information may be managed by other people and may even be hosted in a different country.

Large diagrams can become hard to read. It is recommended that you create one data security diagram per business entity, and/or per participant (typically a role). In particular, diagrams focused on actors and their missions can provide habilitation links. Diagrams may also focus on external access to the system, that is, on which data the external actors can access.

Alternatively, tables can be created, as in the example below:

Client Individual trip Order Travel Bill
Sales person CRUD CRUD CRUD CRUD CRUD
Marketing Agent CRUD
Billing person CRUD
Customer CRUD CRUD CRUD CRUD CRUD

 

Still, the links need to be created, since they can be used in any kind of diagram.

[Figure: data security diagram] This diagram expresses who has the right to access which data, and with which rights.

External actor: Actor that is external to the enterprise.

Internal actor: Actor that belongs to the enterprise.

Flow of data: There is one active element on one side (e.g. actor, process) and an element carrying data on the other side (entity, event, product). Habilitation can be expressed on these flows, stating which access and rights on data the active element has.
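
The table form described above can be derived from the habilitation links themselves. The following Python code is an added example, not part of the original page or of the modelling tool: it folds (actor, entity, rights) links into the actor x entity CRUD table, extracts the external-access view, and lists external actors holding a flagged right (delete by default). Actor and entity names are taken from the page's table; the actor kinds and the rights on each link are constructed sample values.

```python
# Constructed sample: actor and entity names are the page's; actor kinds and
# the rights on each link are assumptions made for this example.
ACTORS = {"Sales person": "internal", "Marketing Agent": "internal",
          "Billing person": "internal", "Customer": "external"}
ENTITIES = ["Client", "Individual trip", "Order", "Travel", "Bill"]
LINKS = [  # (actor, entity, rights carried by the habilitation link)
    ("Sales person", "Client", "CRUD"), ("Sales person", "Order", "CRU"),
    ("Marketing Agent", "Travel", "CRUD"),
    ("Billing person", "Bill", "CRUD"), ("Billing person", "Order", "R"),
    ("Customer", "Client", "RU"), ("Customer", "Order", "CR"),
    ("Customer", "Travel", "RD"), ("Customer", "Bill", "R"),
]

def fmt(rights):
    """Render a set of rights in canonical C-R-U-D order."""
    return "".join(r for r in "CRUD" if r in rights)

def build_matrix(links):
    """Fold links into {actor: {entity: set(rights)}}; reject unknown names."""
    matrix = {}
    for actor, entity, rights in links:
        if actor not in ACTORS or entity not in ENTITIES:
            raise ValueError(f"unknown actor or entity: {actor!r} -> {entity!r}")
        if not rights or set(rights) - set("CRUD"):
            raise ValueError(f"invalid rights {rights!r} on {actor!r} -> {entity!r}")
        matrix.setdefault(actor, {}).setdefault(entity, set()).update(rights)
    return matrix

def external_view(matrix):
    """Keep only the rows of external actors (the external-access diagram)."""
    return {a: row for a, row in matrix.items() if ACTORS[a] == "external"}

def external_findings(matrix, flagged="D"):
    """List (actor, entity, rights) where an external actor holds a flagged right."""
    return sorted((a, e, fmt(r)) for a, row in external_view(matrix).items()
                  for e, r in row.items() if set(flagged) & r)

def render(matrix):
    """Plain-text actor x entity table; '-' marks no link."""
    rows = [["Actor"] + ENTITIES]
    for actor in ACTORS:
        row = matrix.get(actor, {})
        rows.append([actor] + [fmt(row.get(e, ())) or "-" for e in ENTITIES])
    widths = [max(len(r[i]) for r in rows) for i in range(len(ENTITIES) + 1)]
    return "\n".join("  ".join(c.ljust(w) for c, w in zip(r, widths)) for r in rows)

if __name__ == "__main__":
    m = build_matrix(LINKS)
    print(render(m))
    print(external_findings(m))
```

Passing flagged="CUD" to external_findings widens the check to every write right held by an external actor.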

 

Comments  

 
0 # zahra 2012-07-28 10:31
Hello :)
I want to model security concepts using UML diagrams. Can anybody help me?

thanks a lot :-)