ABSTRACT
Information is the essence of IT systems. Most modern
systems exist primarily to store, process, and share infor-
mation. We consider information flow to include the afore-
mentioned activities associated with information. These
activities can be highly dynamic and complex. Some of
the information flowing within an IT system requires
appropriate security measures and controls. Information
security practitioners must understand the dynamic nature
of information flows within a system to be able to deter-
mine if the appropriate controls are in place and function-
ing as intended.