A data-flow diagram (SDFD) is a graphical representation of the "flow" of data through an information system. SDFDs are ideal mechanisms to understand the threats that information/systems are subject to and/or the security treatments are in place to address said threats.
SDFD's are often an effective mechanism to provide assurance as they provide a simple means of communicating a design and demonstrating compliance with objectives and alignment with prevailing good practices.
SDFD development encompasses:
- Interviews with relevant personnel;
- Review of relevant documentation;
- Consideration of threat agents and risk scenarios;
- Consideration of and benchmarking against design objectives;
- Consideration of and benchmarking against prevailing good practice; and,
- Documentation of SDFD.
View a sample here:
