Data security diagrams

Data is considered an asset to the enterprise, and data security simply means ensuring that enterprise data is not compromised and that access to it is suitably controlled. The purpose of the data security diagram is to depict which actor (person, organization, or system) can access which enterprise data. This relationship can be shown as a matrix between two objects or as a mapping. The diagram can also be used to demonstrate compliance with data privacy laws and other applicable regulations (HIPAA, SOX, etc.). It should also consider any trust implications where an enterprise’s partners or other parties may have access to the company’s systems, such as an outsourcing arrangement in which information may be managed by other people and may even be hosted in a different country.

Large diagrams can become hard to read. It is recommended that you create one data security diagram per business entity and/or per participant (typically a role). In particular, diagrams focused on actors and their missions can show habilitation links, that is, the access rights each actor holds on data. Diagrams may also focus on external access to the system, that is, on which data the external actors can access.

Alternatively, tables can be created, as in the example below:

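| Actor | Client | Individual trip | Order | Travel | Bill |
|---|---|---|---|---|---|
| Sales person | CRUD | CRUD | CRUD | CRUD | CRUD |
| Marketing Agent | | | | CRUD | |
| Billing person | | | | | CRUD |
| Customer | CRUD | CRUD | CRUD | CRUD | CRUD |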

 

Still, the links need to be created, since they can be used in any kind of diagram.

[Figure: data security diagram]

External Actor: Actor that is external to the enterprise.

Internal actor: Actor which belongs to the enterprise.

Flow of data: There is an active element on one side (e.g. actor, process) and an element carrying data on the other side (entity, event, product). Habilitation can be expressed on these flows, stating which access and rights on data the active element has.

[Figure: data security diagram]

This diagram expresses who has the right to access which data, and with which rights.
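The example table above can also be kept as a machine-checkable policy. The following is an added example, not part of the original page or of any tool it describes: it encodes the table's rights, produces the per-entity and external-access views the text recommends, and audits access events against the matrix. Treating Customer as the external actor is an assumption, and the sample events are constructed.

```python
# Added example: the page's actor/entity table as a default-deny access policy.
ENTITIES = ["Client", "Individual trip", "Order", "Travel", "Bill"]
# Rights per actor in ENTITIES order, copied from the table ("" = no access).
MATRIX = {
    "Sales person":    ["CRUD", "CRUD", "CRUD", "CRUD", "CRUD"],
    "Marketing Agent": ["", "", "", "CRUD", ""],
    "Billing person":  ["", "", "", "", "CRUD"],
    "Customer":        ["CRUD", "CRUD", "CRUD", "CRUD", "CRUD"],
}
EXTERNAL = {"Customer"}  # assumption: the page does not say which actors are external
OPS = {"create": "C", "read": "R", "update": "U", "delete": "D"}


def rights(actor, entity):
    """CRUD letters granted to actor on entity; unknown names get nothing."""
    if actor not in MATRIX or entity not in ENTITIES:
        return set()
    return set(MATRIX[actor][ENTITIES.index(entity)])


def is_allowed(actor, op, entity):
    """True only if op is a known operation and the matrix grants it."""
    return OPS.get(op.lower()) in rights(actor, entity)


def actors_with(entity, letter):
    """Per-entity view: which actors hold a given right on one entity."""
    return sorted(a for a in MATRIX if letter in rights(a, entity))


def external_exposure():
    """External-access view: entities each external actor can create, update or delete."""
    return {a: [e for e in ENTITIES if rights(a, e) & set("CUD")]
            for a in sorted(EXTERNAL)}


def audit(events):
    """Return the (actor, op, entity) events that the matrix does not authorise."""
    return [ev for ev in events if not is_allowed(*ev)]


# Constructed sample access events, for illustration only.
SAMPLE_EVENTS = [
    ("Billing person", "read", "Bill"),
    ("Marketing Agent", "update", "Order"),
    ("Contractor", "read", "Client"),
    ("Sales person", "export", "Client"),
]

if __name__ == "__main__":
    print(external_exposure())
    for ev in audit(SAMPLE_EVENTS):
        print("not authorised by the matrix:", ev)
```

Unknown actors, entities and operations are denied rather than raising, so a gap in the model shows up as an audit finding instead of an implicit grant.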

Comments   

-1 # zahra 2012-07-28 10:31
Hello :)
I want to model security concepts using UML diagrams. Can anybody help me?

Thanks a lot :-)