I have just started a cybersecurity assignment and this is my first use of DFD. I have started off by attempting to build one according to literature on the web. I just wanted to know if somebody could give feedback on improvements and referring to the correct usage of DFD principles.
Here is what I have made:
Which is according to the brief given:

A hospital has just started using tablet computers to view patient records and organise employee TO-DO lists (e.g., patients to be seen by a specific doctor). Beds with sensors are connected to a local area network. A medical team space will have a projector, PC for medical image display and voice over IP (VoIP) devices for conference calls. They have set up two servers: 1) An imaging database that holds patient scans; and 2) a relational database with patient and employee task information (table names: PATIENTS, STAFF, STAFF_TASKS). A secure area exists where patient scanning is carried out and radioactive sources are stored. Doctors will have access to limited data from home computers and mobile devices typically using a Wi-Fi network – including their work/office Wi-Fi network. They use this access to review images and organise tasks for the following day.
The primary danger in a DFD is to add a process for every element found in the narrative, and show all the elements at the same level.
In a DFD, the rectangles are processes that process data. Wifi and internet are not processes, but media that transfer the information. They are part of the arrows between the processes. Therefore mixing high level system elements such as databases and services with low level network elements like wifi and modems will make it difficult to analyse the real issues. For example, a cell phone connected to the wifi and at the same time to the internet via cellular might create a way to (involuntarily) circumvent the firewall.
This causes several inconsistencies in your diagram. For example:
A better approach is to draw your DFD in layers: You start with the high level system components that matter to the user, and see how they exchange information. And you then go down in more detailed diagrams that will show the technical details like the network interfaces that are used by each of these high-level components.
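The layering advice above can be checked mechanically when the top-level diagram is kept as data. The following is an added example, not part of the original answer: the element names, trust zones and flows are constructed from the brief as assumptions, and the function names are hypothetical. It flags transport media drawn as nodes, lists flows that cross a trust boundary, and reports endpoint pairs reachable over more than one medium (the Wi-Fi plus cellular case mentioned in the answer).

```python
from dataclasses import dataclass

# Constructed level-0 model of the hospital brief. Element names and trust
# zones are assumptions made for this example, not taken from the diagram.
ZONES = {
    "Doctor's phone": "external",
    "Staff tablet": "ward",
    "Task service": "server",
    "Imaging service": "server",
    "Wi-Fi": "ward",  # deliberately mis-modelled: a medium drawn as a node
}
# Transport media belong on the arrows, not in the node list.
MEDIA = {"wi-fi", "wifi", "internet", "lan", "modem", "cellular"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str
    medium: str  # transport carrying this flow, recorded on the arrow


FLOWS = [
    Flow("Staff tablet", "Task service", "STAFF_TASKS rows", "Wi-Fi"),
    Flow("Doctor's phone", "Imaging service", "patient scans", "Office Wi-Fi"),
    Flow("Doctor's phone", "Imaging service", "patient scans", "Cellular"),
]


def media_as_nodes(zones):
    """Nodes that are really transport media and should be moved onto arrows."""
    return sorted(n for n in zones if n.lower() in MEDIA)


def boundary_crossings(flows, zones):
    """Flows whose two endpoints sit in different trust zones."""
    return [f for f in flows if zones[f.src] != zones[f.dst]]


def multi_path_pairs(flows):
    """Endpoint pairs reachable over more than one medium (possible bypass)."""
    paths = {}
    for f in flows:
        paths.setdefault((f.src, f.dst), set()).add(f.medium.lower())
    return {pair: sorted(m) for pair, m in paths.items() if len(m) > 1}


if __name__ == "__main__":
    print("media drawn as nodes:", media_as_nodes(ZONES))
    for f in boundary_crossings(FLOWS, ZONES):
        print(f"crosses boundary: {f.src} -> {f.dst} ({f.data}) via {f.medium}")
    print("more than one path:", multi_path_pairs(FLOWS))
```

Each flow reported by `boundary_crossings` is a candidate for a more detailed lower-level diagram showing the network interfaces involved.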