Title: Tom DeMarco, Chris Gane and Trish
Title: Week 1 AssignmentNAME: VISHAL KUMARCourse name: ISOL536-SecurityArchitecture and DesignDate: January 21st,2018Instructor name: Dr.Ahmed Ben Ayed (1)List two ways to build visual model of your system. ANSWER:Adata flow diagram DFD maps out the flow of information for any process orsystem. Symbols such as rectangles ,circles, and arrows are use.
On top of itshort labels are also written to show data inputs, outputs storage points andthe path between every destination. Data flow diagram can be simple and can bedrawn on a piece of paper to explain the process or system or it can be drawnin depth with multi-level Data flow diagram that gives the picture of theprocess in depth and with so much of detail..
it is used to anayze an existingsystem or make a new model for the for the organization. Data flow diagram makeit easier to explain the process through diagrams and visual presentation ofthe process which makes it easier to understand as some time words can bedifficult to understand. Itis crucial to mention that data flow diagram were popularized in the late 1970sarising from the book structured design, by computing pioneer Ed Yourdon andLarry Constantine. There were other contributors too contributing to thedevelopment of data flow diagram, Tom DeMarco, Chris Gane and Trish sarsonhence the name of the symbols and notations comes from their name Yourdon andCoad, Yourdon and DeMarco, Gane and Sarson.
One main difference in theirsymbols is that Yourdon-Coad and Yourdon-DeMarco use circle for processes whileGane and Sarson use rectangles with rounded corners, sometimes called lozeges.There are other way of symbol variation in use as well. it is crucial to keepin mind few rules and tip when crating a data flow diagram, they are asfollows: 1. Each process shouldhave at least one input and an output.
2. Each data store shouldhave at least one data flow in and one data flow out.3.
Data stored in asystem must go through a process.4. All processes in a DFDgo to another process or a data store.ASwim lane which is also known as SwimLane diagram is a type of flowchart inwhich it also clarifies who does what in the process. It gives visualrepresentation of connections, communication and handoffs between differentorganization level and it also can show inefficiency of the employee or wastagein the process. Other names given to Swim lane diagram is Rummler-Brachediagram or cross-functional diagram.
They are called functional bands too. Swim lane diagram was first published in theyear 1990 in Geary Rummler and Alan Brache book, improving processes.Thereseveral benefit of using swimlanes they are as follows:Itmakes sure person who look at swim lanes diagram know whats happening thecompany and everybody know what every body is doing.
.Thereis less chance of duplication of work. For example, different departments doingthe same work. It even cut down on unnecessary step in the process.
Asecond swim diagram can be used to model a better way of doing things in theorganization. Swimlane Diagrams can be formalized as a wayto integrate processes between teams or departments, resulting in cleanerprocesses on an ongoing basis. swimlanesintroduce parallel or vertical or horizontal lines grouping the process stepsby actor, such as employee, work group department or even an informationsystem. (2) What is the best definition of atrust boundary?ANSWER:A trust boundary can bethought of as line drawn through a program.
On one side of the line, data isuntrusted. On the other side of the line, data is assumed to be trustworthy.The purpose of validation logic is to allow data to safely cross the trust boundary- to move from untrusted to trusted. A trust boundary violation occurs when aprogram blurs the line between what is trusted and what is untrusted.
Bycombining trusted and untrusted data in the same data structure, it becomeseasier for programmers to mistakenly trust unvalidated data. Data entering from across a trust boundaryindicates every place where the receiving systems need to validate the inbounddata. Data crossing a trust boundary also means that you have identified aplace where you should examine the security of the data. It doesn’t meanyou mustencrypt or that you must authenticate,but as you analyze the connection for vulnerabilities, you may discover thatencryption and/or authentication remediates the issues. (3) What are the 3 most essentialquestions to ask in threat modeling?ANSWER:What are you building?What can go wrong?What are you going to do about it? (4) In the Star Wars mnemonic, whatthreat does Luke Skywalker embody? ANSWER: In the Star Wars mnemonic, LukeSkywalker embody Elevation of privilege Kind of a threat. REFERENCE:-https://www.lucidchart.com/pages/data-flow-diagram#https://security.stackexchange.com/questions/166552/trust-boundary-definition-and-example https://www.lucidchart.com/pages/swimlane-diagram https://ucumberlands.blackboard.com/webapps/blackboard/execute/content/file?cmd=view=_1164208_1=_98993_1