James D'Alton authored
%% ----------------------------------------------------------------
%% 1_Chapter1.tex
%% ----------------------------------------------------------------
\chapter{INTRODUCTION}
\section{Overview}
Many businesses require their partners to comply with numerous and varied cyber security compliance standards, of which there are literally hundreds. Cyber supply chain risk management (CSCRM) differs from cyber security by gaining a higher degree of governance over the company in question and over its extended enterprise partners, such as all its suppliers and customers. Whereas cyber security only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations \cite{CSCRM}.
The following section will give an overview of the project\textquoteright s goals and objectives. The subsequent sections will discuss compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses; the use cases, requirements, risks and functionality for the proposed application; and the proposed design of the implementation for the application.
\section{Problem}
Keeping track of each company\textquoteright s compliance with a specific standard is a lengthy and potentially expensive task, since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be a task a system administrator would be able to perform in addition to their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
An automatically generated cyber security compliance form engine could provide a low-cost, time-efficient solution for businesses that need a flexible, customisable way of tracking their partners\textquoteright\ compliance, or their own compliance, with multiple standards.
\section{Aim}
Ultimately, the goal of the project is to enable organisations to maintain and improve their cyber security by adhering to various compliance standards, such as the guidelines set out by the UK government\textquoteright s Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals, the most common cyber threat to businesses \cite{CyberEssentials}.
\subsection{Research}
A thorough review of relevant literature will be required to fully understand the problem and the existing solutions, if any exist. If they do, an assessment of possible improvements that could be made to those solutions should also be carried out. A section detailing the analysis of the requirements for the project will be required to determine and gauge its feasibility and to enable the planning and design of the application itself. This should include an assessment of likely risks to the project.
\subsection{Development and Testing}
The web application will be implemented in a manner which allows for easy maintenance, extensions and other improvements at a later date. To ensure the functionality of all parts of the application, a testing system should also be implemented, set up as continuous integration with regression testing. This software validation should be automated for consistency and to save time.
\subsection{Analysis and Evaluation}
An analysis of the results of the testing and of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code. Furthermore, an evaluation of this project and its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it.
\subsection{Functionality}
The goal of the application is to have a system that will generate and store compliance forms for the end-user. The forms will be automatically generated by a user via an interface on the application, and will be accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will later be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms. This project is a cloud-based application, and it will deal with cyber security compliance only; no other forms of compliance will be within the scope of this project.