Exploration of the Data Problem - Coggle Diagram
Data Security
What is data security?
Data security is the process of safeguarding digital information throughout its entire life cycle to protect it from corruption, theft, or unauthorized access.
What is the importance of data security?
Reputational Risk - must provide clients and users with privacy and adequate security
Confidentiality - all user information stored in confidential conditions
Integrity - using data only for the intended purposes
Availability - completely restricted, with no access for the public
Legal Obligations - protect customer and user data from being lost or stolen and ending up in the wrong hands
Data Theft - illegal transfer or storage of personal, confidential, or financial information. This could include passwords, software code or algorithms, and proprietary processes or technologies.
Safety Recommendations
Restrict levels of access to the web application using precoded student IDs and password access based on a database containing student information.
Store passwords in hashed form in the database after user information is collected when signing up to the web application
Encryption
Symmetric Keys - Symmetric encryption uses a single key that needs to be shared among the people who need to receive the message
HTTP/HTTPS/VPN - encrypts all web traffic and network traffic between the web browser and server, or between the device and internet provider.
Asymmetric Keys - Asymmetric encryption uses a pair of keys, a public key and a private key, to encrypt and decrypt messages when communicating.
Web Application
The web application must work cooperatively with the chosen data environment and exchange data effectively. It must also display the data in an orderly way and be able to filter through the data provided based on input from the user.
Data Exchange
Coding Environment
Analyse data using pre-programmed algorithms
Read JSON file and create logical output able to be filtered
Program algorithms using PHP
API Format
JSON
XML
CSV
Website design and interface created using HTML and CSS
Public/Private Keys
Users have access to private keys when using the web application
Data Environment
Input requirements
Stored in Variables
Data entered into the program digitally
Input API data into the code, allow for creation of variables and ability to be processed
Output requirements
Must present the API input as logical data, able to be read and filtered
System Requirements
Web application must effectively provide a global news interface that allows for filtering of the data
Users must be able to register, and can only register with a student ID that will be stored in the user database.
Web application must use a public API and use current global data
API
What is an API?
It is a type of software interface, offering a service to other pieces of software.
API principle types
Public
Free for all to access
Private
Has its application hosted with an in-house developer
Partner
Composite
API Types
Dynamic - A dynamic API is an application, running on a web server, that performs actions for and delivers data (typically as JSON) to the requesting user
Static - A static API is simply a collection of flat JSON files that live on a content delivery network (CDN)
API Encryption
Encrypting API means any intercepted requests or responses are useless to intruders without the right decryption method
API uses either AES 128-bit or AES 256-bit encryption
UXI
Principles
Accessibility
Utility
Effectiveness
Learnability
Safety
Experience
What does the client need - An effective application that presents data sourced from an API
Focus on the values, abilities and limitations of the clients
Provide safe and secure access to the web application
Interface
Registration Area for users
Need to validate user information
Provide meaningful error messages if the forms are not filled correctly
Webpage made compatible with data exchange
HTML, CSS, PHP
No need for Administration access
Data Filtering
Filters add extra logic before or after an action method executes. Filters can be used to provide cross-cutting features such as logging, exception handling, performance measurement, authentication and authorization
Australian Privacy Principles
A data storage entity must take reasonable steps to protect personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure.