DFA Template
DFA Template
DFA Template
Introduction
Data flow analysis assists in the following:
–Analyzing the business processes and identifying the leakage points
–Identify approved usage, movement and exposure points
–Identify type, classification, and risk of the information
–Identify sender & recipient rights
–Performing data flow analysis to identify critical information
The single point of contact for each Business Unit are expected to provide the list of key critical business processes and
Gaps identified during DFA will be highlighted & classified, based on which the recommendations will be provided
Classification Criteria
Secret: Secret information is the most sensitive form of information. It is so sensitive that disclosure or usage w
Extremely restrictive controls need to be applied (e.g., very limited audience and those who are authori
Examples include strategic plans, investment decisions etc.
Confidential: Confidential information is a sensitive form of information. This information is distributed on a “Need to
needs to be communicated to your organisation entities will fall in this category.
Examples include employee personal information, business plans, unpublished financial statements, Mi
etc.
Internal: Such information is the property of your organisation. Your organisation have the sole right over this in
have rights to the information, such as a plan member having access rights to their contract). This form
externally or with third parties.
Examples include staff memos, company newsletters, staff awareness program documentation or bulleti
Public: Sharing of such information does not have any impact on the confidentiality of the Information Asset an
comes from public sources or is provided by your organisation to the general public.
Examples include periodicals, public bulletins, published company financial statements, published press
Confidential
DATA FLOW ANALYSIS (DFA)
nt of contact for each Business Unit are expected to provide the list of key critical business processes and the flow of involved data
d during DFA will be highlighted & classified, based on which the recommendations will be provided
tion Criteria
Secret information is the most sensitive form of information. It is so sensitive that disclosure or usage would have a definite impact on organisation’s b
Extremely restrictive controls need to be applied (e.g., very limited audience and those who are authorized to have such form of information).
Examples include strategic plans, investment decisions etc.
Confidential information is a sensitive form of information. This information is distributed on a “Need to Know” basis only. Any non-public information
needs to be communicated to your organisation entities will fall in this category.
Examples include employee personal information, business plans, unpublished financial statements, Minimum Baseline Security Configurations, Firewa
etc.
Such information is the property of your organisation. Your organisation have the sole right over this information (exception: subjects of the informatio
have rights to the information, such as a plan member having access rights to their contract). This form of information must be used within your organ
externally or with third parties.
Examples include staff memos, company newsletters, staff awareness program documentation or bulletins, Service Contracts, Backup Tapes and CDs, et
Sharing of such information does not have any impact on the confidentiality of the Information Asset and thus has a Very low Confidentiality rating. Th
comes from public sources or is provided by your organisation to the general public.
Examples include periodicals, public bulletins, published company financial statements, published press releases, etc.
ganisation’s business.
tion).
Docume
(Type "a" for selectio
Sr No. Process Name Document Name Document Type of information XLS XLSX XLM CSV
Classification
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
W ANALYSIS - DOCUMENT DETAILS
DOC DOCX PDF TXT PPT PPTX EXE Other Fixed Critical Keywords
Format Template ?
ed Parameters
Critical Patterns Fixed File Fixed File Name Comment
Name?
Select Response
Yes
No
Yes
SR
Select Response
Yes
No
Category Department 1 Department 2 Department 3
Enforce Encryption:
List of register Device
Department 4 Department 5
Category Department 1 Department 2 Department 3 Department 4
Backup
Code Repository
Email Application
Encryption
FTP
IM
Internet Browser
P2P
Screen Sharing
SSH
VoIP
System application
Other application
Browsing allowed
( Mention category/url's
or both)
Department 5
Category Department 1 Department 2 Department 3
Upload on HTTP/HTTPS
Allow on all
Block on all
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies: