Question

In: Computer Science

Subject: Security Policy & Procedures

Describe what a Data Flow Diagram is and why it is useful for IT auditing. One paragraph should describe what a Data Flow Diagram is, and the second paragraph should describe why it is useful for IT auditing.

Solutions

Expert Solution

What is a data flow diagram (DFD)?

A picture is worth a thousand words. A Data Flow Diagram (DFD) is a traditional way to visualize the information flows within a system. A neat and clear DFD can depict a good amount of the system requirements graphically. It can be manual, automated, or a combination of both.

It shows how information enters and leaves the system, what changes the information, and where information is stored. The purpose of a DFD is to show the scope and boundaries of a system as a whole. It may be used as a communication tool between a systems analyst and any person who plays a part in the system, and it acts as the starting point for redesigning a system.

It usually begins with a context diagram as level 0 of the DFD, a simple representation of the whole system. To elaborate further from that, we drill down to a level 1 diagram with lower-level functions decomposed from the major functions of the system. This could continue to evolve to become a level 2 diagram when further analysis is required. Progression to levels 3, 4 and so on is possible, but anything beyond level 3 is not very common. Please bear in mind that the level of detail for decomposing a particular function depends on the complexity of that function.

Useful for IT auditing

The critical ingredients involved in planning an IT audit are an appreciation of the IT environment, understanding the IT risks and pinpointing the resources required to carry out the work. We will cover each in turn.

The IT environment - An appreciation of the IT environment flows from an understanding of the internal IT procedures and operations of the subject under review. This cannot be stressed enough. Without this basic understanding, it is likely that audit work will be misdirected, raising the risk of drawing unsuitable or incorrect conclusions. This initial research work should involve a high-level review of the IT procedures and control environment in place, focusing on the basic principles of IT security, which are Confidentiality, Integrity and Availability. At a minimum, the areas covered at this stage would be:

a) Change Management, i.e. the change controls around software and hardware updates to critical systems;

b) Access Security, i.e. the access controls enforced to enter the systems both internally and externally; and

c) Business Continuity and Disaster Recovery, i.e. the ability of an enterprise to safeguard information assets from unforeseen threats or disasters and how to quickly recover from them.

Having this level of understanding will enable the IT auditor to plan out their work efficiently and effectively.

IT risks - As is the case for other types of professionally handled audit work, these days most IT auditors apply the risk-based approach to planning and performing their work. This involves identifying the most important risks, linking these to control objectives and identifying specific controls to mitigate these risks. In this respect, IT auditing standards/guidelines (e.g. ISO 27001 & COBIT 5) may be used by the IT Auditor to identify or advise on controls that will reduce the risks identified to an acceptable level.

Resources required - The last important piece in the audit planning jigsaw is to assess the amount of work involved, including the need for specialist expertise. With the timing and availability of suitable IT audit human resources typically being a challenge, getting this step right should result in higher quality and lower cost audit work.

