diff --git a/report/0_Abstract.tex b/report/0_Abstract.tex
index 935aa2ab7af48f99ef2a6aed3a5b9a0bbe752c3a..a589b1357d2c559ea6151df7cd1d6ae62599bfca 100644
--- a/report/0_Abstract.tex
+++ b/report/0_Abstract.tex
@@ -1,7 +1,7 @@
\section*{Abstract}
-Hundreds of cyber security standards exist, and many businesses require their partner companies and/or members of their supply chain to comply with various and numerous of these standards. Keeping track of each company's compliance to a particular standard is a lengthy and potentially expensive process since it can be very difficult to maintain without the use of an external service or consultant and most SMEs will be unable to afford this. Due to the required time and level of experience it may not be something a system administrator could do in addition to their normal responsibilities leaving only the cost alternative of a specialist consultant.
+Hundreds of cyber security standards exist, and many businesses require their partner companies and/or members of their supply chain to comply with these various and numerous standards. Given difficulties and expense in tracking such companies' compliance standards without the use of expensive external partners, most companies find this a significant challenge. Time and experience constraints by administrators often prevent such tracking in addition to their normal duties leaving only the cost alternative of a specialist consultant.
-To this end, an engine that automatically generates cyber security compliance forms would provide a low cost, time efficient solution for businesses that need a flexible and customisable way of tracking their partners' compliance (or their own compliance) with multiple standards.
+To address this need, an engine that could automatically generate cyber security compliance forms would provide a low cost, time efficient alternative for businesses that need a flexible and customisable way to track their partners' compliance (or their own compliance) with multiple standards.
-Therefore the goal of this project is to create a web application system that will generate and store compliance forms for a non-technical end user and allow access to chosen partners. The scope of this project focuses on the cyber security field but has the potential, with future work, to explore alternative forms of compliance also.
\ No newline at end of file
+Therefore, this project's goal is to create a web application system that generates and stores compliance forms for non-technical end users and allows access to chosen partners. Whilst this project's focus is cyber security it has the potential, with future work, to also explore alternative forms of compliance.
\ No newline at end of file
diff --git a/report/1_Introduction.tex b/report/1_Introduction.tex
index 3179aa9f14e2225db15a35180727334748c87d3b..00bd25189c501673462e1673e44ea4e84b77dc83 100644
--- a/report/1_Introduction.tex
+++ b/report/1_Introduction.tex
@@ -4,30 +4,29 @@
\chapter{INTRODUCTION}
\section{Overview}
- Many businesses require their partners to comply with numerous and varied cyber security compliances, of which there are literally hundreds. % why are you talking about CSCRM?
- Cyber supply chain risk management (CSCRM) differs from cyber security, by gaining a higher degree of governance over the company in question, and over its extended enterprise partners, such as all its suppliers and customers. Whereas cyber security only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations. \cite{CSCRM}
+ Many businesses require their supply chain partners to comply with wide-ranging cyber security compliance standards, of which there are many hundreds. Cyber supply chain risk management (CSCRM) differs from cyber security by gaining a higher degree of governance over the company in question, and over its extended enterprise partners such as all its suppliers and customers. \cite{CSCRM} Cyber security, however, only considers security of a technical nature, whereas CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations. \cite{CSCRM}
- The following chapter will give an overview of the project\textquoteright s goals and objectives. The subsequent chapters will go on to talk about compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses, use cases, requirements, risks and functionality for the proposed application, followed by the proposed design of the implementation for the application.
+ This chapter gives an overview of the project's goals and objectives. Subsequent chapters discuss compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses, use cases, requirements, risks and functionality for the proposed application, followed by the proposed design of the implementation for the application.
\section{Identification of the Problem}
- Keeping track of each company's compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be a task a system administrator would be able to perform in addition to their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
+ Keeping track of each company's compliance to a specific standard is a lengthy and potentially expensive task as it can be difficult to maintain such compliance without the use of an external service or consultant. For time and experience reasons, it is difficult for system administrators to perform such tasks in addition to their other responsibilities. Therefore a specialist is required in many cases, which can be too expensive for most SMEs.
- An automatically generated cyber security compliance form engine, would provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner's compliance - or their own compliance - with multiple standards.
+ An automatic cyber security compliance form generation engine would provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner's compliance - or their own compliance - to multiple standards.
\section{Aim}
- Ultimately, the goal of the project was to enable organisations to maintain and improve their cyber security by adhering to various compliance standards, such as the guidelines set out by the UK government's Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials}
+ The goal of this project is to enable organisations to maintain and improve their cyber security by adhering to various compliance standards, e.g. the guidelines set out by the UK government's Cyber Essentials scheme. This scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials}
\subsection{Research}
- A thorough review of relevant literature was required to fully understand the problem and the existing solutions, if any existed. If they did, an assessment of possible improvements that could be made to those solutions should also be executed. A chapter detailing the analysis of the requirements for the project was required to determine and gauge the feasibility and enable the planning and design of the application itself. This included an assessment of likely risks to the project.
+ A thorough review of relevant literature was required to fully understand the scope of the problem and the existing solutions, if any existed. If they were to exist, an assessment of possible improvements that could be made to those solutions was also executed. A chapter detailing the analysis of the requirements for the project was required to gauge and determine the feasibility and enable the planning and design of the application itself. This included an assessment of likely risks to the project.
\subsection{Development and Testing}
- The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date, was essential. To ensure the functionality of all parts of the application, a testing system was also implemented. This software validation was automated for consistency and to save time.
+ The implementation of the web application, should be done in a way that allows for easy maintenance, extensions and other improvements at a later date. To ensure the functionality of all parts of the application, a testing system was also implemented. This software validation was automated for consistency and to save time.
\subsection{Analysis}
- An analysis of the results of the testing and of the implementation was carried out after it was finalised, to establish adherence to the designs and assure the quality of the code.
+ An analysis of the test results and implementation was carried out after it was finalised to establish adherence to the designs and to assure the quality of the code.
\subsection{Evaluation}
- An evaluation of the whole project including its management was performed. Finally, a summary of possible future work that could be carried out to extend the potential of the project should be considered.
+ An evaluation of the whole project including its management was performed. Finally, an exploration of possible future work was carried out.
\section{Functionality}
- The goal of the application was to have a system that generates and stores compliance forms for the end-user. The forms are automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners are other users that can be added by the primary user, much like friends or followers on a social media platform. Once added, users will be able to share forms with their partners, for them to complete and submit back to the user. Users are able to update the forms' parameters and partners are able to update their answers to the forms, at a later stage. This project is a cloud-based application and it will deal with cyber security compliance only - no other forms of compliance are within the scope of this project.
\ No newline at end of file
+ The goal of the application is a system to generate and store compliance forms for the end-user. The forms are to be automatically generated by the user via an interface on the application, and accessible by \textquoteleft partners\textquoteright. Partners are other users that may be added by primary users, much like friends or followers on a social media platform. Once added, users can share forms with partners, enabling them to complete and submit back to the user. Users can then update the forms' parameters and partners can update their answers to the forms at a later stage. This project is a cloud-based application and deals with cyber security compliance only - no other forms of compliance are within the scope of this project.
\ No newline at end of file
diff --git a/report/2_BackgroundAndLiteratureReview.tex b/report/2_BackgroundAndLiteratureReview.tex
index 81eeb43c4efd1237a8dcc75b92ab08c4aca0c251..99c866b59fede9b8a2eea54de2ea98b284f537f5 100644
--- a/report/2_BackgroundAndLiteratureReview.tex
+++ b/report/2_BackgroundAndLiteratureReview.tex
@@ -4,44 +4,44 @@
\chapter{BACKGROUND AND LITERATURE REVIEW}
\section{Crime}
- There has been a significant increase in cyber-criminal activity in recent years. \cite{GDPR} The methods used by criminals are currently changing as businesses begin to be targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing at a rapid rate, making it increasingly troublesome for regulations and legislation to keep pace resulting in outdated laws that are often unfit for purpose. \cite{GDPR}
+ There is ever-increasing cyber-criminal activity. \cite{GDPR} Criminal methods used are currently changing as businesses are now targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing rapidly, complicating the ability of regulations and legislation to keep pace. This results in outdated laws that become unfit for purpose. \cite{GDPR}
\section{Supply Chains}
- Supply chain management is a process essential for connecting major business actions and behaviours both internally and externally between organisations into a capable and effective business model. \cite{CSCRM} It encompasses all logistic management endeavours, not to mention manufacturing operations, and drives the coordination of activities across multiple business areas including marketing, sales, product design, finance, and IT. \cite{CSCRM}
+ Supply chain management is an essential process for interconnecting major business actions and behaviours both internally and externally between organisations to produce an effective overall integrated business model. \cite{CSCRM} Supply chain management encompasses all logistic management endeavours, including manufacturing operations, and drives the coordination of activities across multiple business areas including marketing, sales, product design, finance and IT. \cite{CSCRM}
\subsection{Supply Chain Security}
- Supply chain security concentrates on the threats linked to an organisation\textquoteright s suppliers of goods and services, many of which potentially have considerable access to assets belonging to the company or to its customer data. \cite{CombattingCyberRisks}
+ Supply chain security concentrates on the threats to any organisation's suppliers of goods and services, many of which often have considerable access to internal company or to its customer data. \cite{CombattingCyberRisks}
\section{Compliance}
- Compliance is a crucial, costly, and complex issue for any company to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies, or best practices known as standards. \cite{ComplianceGovernance} Organisations are often required to take steps to put policies and controls in place ensuring conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats.
+ Compliance is a crucial, costly, and complex issue for any company. \cite{ComplianceGovernance} It relates to conformance to a set of laws, regulations, policies, or best practices known as standards. \cite{ComplianceGovernance} Organisations are often required to put policies and controls in place ensuring conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats.
\subsection{Compliance in Cyber Security}
- Cyber security is the aggregate of technologies, processes, and practices which were designed to shield computer networks, software and data from loss, theft or manipulation. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. \cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help to enable organisations to achieve compliance with any given standard in a cost effective manner.
+ Cyber security is the aggregation of technologies, processes, and practices which are designed to shield computer networks, software and data from loss, theft or manipulation. \cite{CSCRM} Cyber security standards have long been in place governing company and individual policies and practices several decades. \cite{StanfordConsortium} Regulation and legislation is struggling to keep pace given the rapid evolution of this field. \cite{GDPR} With the expanding pool of available tools, there is also an ever-increasing pool of people capable of cyber crime. It is therefore essential that companies continually conform to the latest standards, regardless of the size of the enterprise. This project's aim is to enable cost effective organisational compliance with any given standard.
\subsection{Cyber Essentials}
- The UK Government worked with a number of other institutions to develop Cyber Essentials, a set of basic standards to help organisations defend themselves from common security threats online. \cite{CyberEssentials} The scheme is designed to prevent unskilled individuals from being able to find basic vulnerabilities in an organisation by providing advice, and two different levels of certification; \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. The former is a self-assessment designed to be light-weight and easy to follow, while in the latter, a certification body carries out the verification of the organisation\textquoteright s cyber security, instead of it being done by the company in question.
+ The UK Government has worked with a number of institutions to develop Cyber Essentials, a set of basic standards to help defend organisations from common online security threats. \cite{CyberEssentials} This scheme is designed to prevent unskilled individuals from finding basic organisational vulnerabilities by providing advice, and two different levels of certification; \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. The former is a self-assessment designed to be light-weight and easy to follow. The latter is a certification body independently carrying out the verification an organisation's cyber security.
\section{Impacts}
- Cyber attacks are financially devastating and disrupting to people and businesses. Successful attacks have the potential to expose personal information, leaving the victims of these security breaches vulnerable to fraud. \cite{CyberCrime} Victims are also left vulnerable to further attacks, using the information previously gathered by attackers.
+ Cyber attacks can financially devastate and disrupt people and businesses. Successful attacks can expose personal information, leaving the victims of these security breaches vulnerable to fraud. \cite{CyberCrime} Victims can then be left vulnerable to further attacks, using information previously gathered by attackers.
\subsection{The Effect on Business and Loss of Confidence}
- According to a survey by Ping Identity (a company that sells a number of cloud and software identity security solutions), 75\% of people stop engaging with a brand online following a data breach, 59\% say they are not willing to sign up to use an online service or application that had recently experienced a data breach. \cite{ITGovernance} In spite of this, a staggering 56\% said they were unwilling to pay any amount of money for additional security to protect their personal information. \cite{ITGovernance}
+ A Ping Identity survey (a company selling cloud and software identity security solutions,) states that 75\% of people stop engaging with a brand online following a data breach, with 59\% saying will not sign up to use online services or applications that have recently experienced a data breach. \cite{ITGovernance} Nevertheless, 56\% saying they were unwilling to pay for additional security to protect their personal information. \cite{ITGovernance}
\subsection{Legal consequences}
- GDPR requires proper management of all the personal information held by an organisation. \cite{BusinessInfo} If this information is compromised, and that organisation has neglected to deploy basic security measures, it is possible they will face fines and regulatory sanctions. \cite{BusinessInfo}
+ GDPR requires competent management of all personal information held by an organisation. \cite{BusinessInfo} Should such information be compromised where that organisation security negligent, face fines and regulatory sanctions can be imposed. \cite{BusinessInfo}
\section{Case Study: Pouring Pounds Ltd}
- Two cashback sites owned by Pouring Pounds Ltd were found to have leaked two terabytes worth of personally identifiable information and account data. This was made possible because of an unprotected database, which could be accessed through an exposed port on the company's server. The leak occurred in October 2019 and has affected approximately 3.5 million individuals. \cite{z6mag}
+ Two cashback sites owned by Pouring Pounds Ltd were found to have leaked two terabytes of personally identifiable information and account data because of an unprotected database, which was accessible through an exposed port on the company's server. The leak occurred in October 2019 and has affected approximately 3.5 million individuals. \cite{z6mag}
\section{Previous and Similar Work}
- Below is an overview and evaluation of two other products found during background research for the project.
+ There follows an overview and evaluation of two other products found during background research for this project.
\subsection{Formstack}
- Formstack boasts a drag and drop interface to allow quick and easy customisation of form creation, with various components for different data types and layouts allowing changes to be seen in real time. The product is aimed at developers and non-technical people, offering a time-saving way to build forms for a wide variety of different functions, including collecting payments, gathering customer data and automating day-to-day tasks. \cite{Formstack}
+ Formstack boasts a drag and drop interface to allow quick and easy form creation customisation, with various components used for different data types and layouts to allow changes to be viewed in real time (featured in Figure 2.2). This product is aimed at developers and non-technical people, offering a time-saving way to build forms for a variety of different functions, including collecting payments, gathering customer data and automating day-to-day tasks. \cite{Formstack}
- At the time of writing, the product has multiple pricing tiers, starting from \$19 USD per month with \textquoteleft Bronze\textquoteright\ and ending at \$249 USD per month for \textquoteleft Platinum\textquoteright\ which includes \textquotedblleft Advanced data collection features \& priority support\textquotedblright. \cite{Formstack} There is also an 'Enterprise' edition but pricing for this seems to be on a case-by-case basis.
+ At the time of writing, this product has multiple pricing tiers, from \$19 per month for \textquoteleft Bronze\textquoteright\ access to \$249 per month for \textquoteleft Platinum\textquoteright\ services which includes \textquotedblleft Advanced data collection features \& priority support\textquotedblright. \cite{Formstack} There is an 'Enterprise' edition where pricing is provided on a case-by-case basis.
\begin{figure}[H]
\center
@@ -56,7 +56,7 @@
\end{figure}
\subsection{Device Magic}
- With a broad focus that includes job reports, inspections, audits, work orders and invoices, Device Magic is a data collection application that allows users to create and complete mobile forms. \cite{DeviceMagic} One of the key selling points is the ability to use all the features of the app when offline. It possesses an easy-to-use drag and drop user interface similar to that of Formstack and also allows users to preview forms in mobile format when creating them on a desktop. \cite{DeviceMagic} In addition it also features the capability to capture rich data (such as images), and to automate workflows, for example, allowing a form submission to trigger another form to be sent. \cite{DeviceMagic}
+ With a broad focus that includes job reports, inspections, audits, work orders and invoices, Device Magic is a data collection application that allows users to create and complete mobile forms. \cite{DeviceMagic} One of the key selling points is the ability to use all application features app when offline. It possesses an easy-to-use drag and drop user interface similar to that of Formstack and allows users to preview forms in mobile format when creating them on a desktop. \cite{DeviceMagic} In addition it features rich data capture (such as images), and to automate workflows, e.g. enabling a form submission to trigger another form to be sent. \cite{DeviceMagic}
\begin{figure}[H]
\center
@@ -71,4 +71,4 @@
\end{figure}
\subsection{Evaluation and Comparison of Existing Products}
- The range of customisations available in Formstack and Device Magic make them a generic solution when compared to the specialised nature proposed in this project. This project will have a more streamlined interface and method for form creation. Compliance forms have a more straightforward and predictable structure, a fact which has been taken advantage of during the design phase (see Chapter 4: Design).
\ No newline at end of file
+ The range of customisations available in Formstack and Device Magic make them a generic solution for form creation and customisation when compared to the specialised nature proposed in this project. While the general layout was a good starting point for my own design, this project has a more streamlined interface and method for form creation. Compliance forms have a more straightforward and predictable structure, a fact which has been exploited during the design phase (see Chapter 4: Design).
\ No newline at end of file
diff --git a/report/3_RequirementsAndAnalysis.tex b/report/3_RequirementsAndAnalysis.tex
index 79e02bf13d8d7d4ae718747a68e33645f480fa03..c24a62f8fb3e01c0f91e8e71f8a79ba19f8db1ea 100644
--- a/report/3_RequirementsAndAnalysis.tex
+++ b/report/3_RequirementsAndAnalysis.tex
@@ -3,7 +3,7 @@
%% ----------------------------------------------------------------
\chapter{REQUIREMENTS AND ANALYSIS}
-This chapter will analyse the requirements of the proposed application and inform the design decisions that have been made.
+This chapter analyses the requirements of the proposed application and informs the design decisions that have been made.
\section{Use Cases}
Use cases describe the various interactions between external actors and a given system as part of the Unified Modelling Language (UML). They are used in this chapter to define the interactions between users and the proposed application.\\\\
@@ -33,7 +33,7 @@ This chapter will analyse the requirements of the proposed application and infor
\umlinherit{User}{submitForm}
\umlinherit{User}{signOut}
\end{tikzpicture}
- \caption{Use Case Diagram 1}
+ \caption{Use Case Diagram 1: Functionality}
\end{figure}
\begin{figure}[H]
@@ -59,7 +59,7 @@ This chapter will analyse the requirements of the proposed application and infor
\umlinclude{dashboard}{addPartner}
\umlinclude{dashboard}{signOut}
\end{tikzpicture}
- \caption{Use Case Diagram 2}
+ \caption{Use Case Diagram 2: Dashboard requirements}
\end{figure}
\clearpage
@@ -85,7 +85,7 @@ This chapter will analyse the requirements of the proposed application and infor
\hline
Edit form button & \makecell{Allows the user to change the questions and/or\\responses of a form.}\\
\hline
- Delete form button & \makecell{Allows the user to permanently delete forms (but\\only forms that they have created).}\\
+ Delete form button & \makecell{Allows the user to permanently delete forms that\\they have created. A user cannot delete\\ other users' forms.}\\
\hline
Add partner button & \makecell{Allows the user to search for other users' accounts\\and add them as partners.}\\
\hline
@@ -106,45 +106,45 @@ This chapter will analyse the requirements of the proposed application and infor
Requirement & Description\\
\hline
\hline
- Register & \makecell{New users will create an account before being allowed to use\\the application.}\\
+ Register & \makecell{New users create an account before being allowed to use\\the application.}\\
\hline
- Sign in & \makecell{Users will need to log in before they are able to\\access their account, create, share, and complete forms.}\\
+ Sign in & \makecell{Users log in before they are able to access\\their account, create, share, and complete forms.}\\
\hline
- Sign out & Users will be able to sign out of the application.\\
+ Sign out & Users can sign out of the application.\\
\hline
- Create a form & \makecell{Users will be able to create a new form which will be saved to\\their account.}\\
+ Create a form & \makecell{Users are able to create a new form which will be saved to\\their account.}\\
\hline
- View a form & \makecell{Users will be able to view created forms including questions\\and possible responses.}\\
+ View a form & \makecell{Users are able to view created forms including questions and\\possible responses.}\\
\hline
- Share a form & \makecell{Users will be able to share a form that they have created with\\a partner.}\\
+ Share a form & \makecell{Users are able to share a form that they have created with a\\partner.}\\
\hline
- Edit a form & \makecell{Users will be able to edit created forms, including questions\\and possible responses.}\\
+ Edit a form & \makecell{Users are able to edit created forms, including questions and\\possible responses.}\\
\hline
- Delete a form & \makecell{Users will be able to delete a form that they have created.}\\
+ Delete a form & \makecell{Users are able to delete a form that they have created.}\\
\hline
- Submit a form & \makecell{Users will be able to complete and submit responses for each form\\back to the form's author.}\\
+ Submit a form & \makecell{Users are able to complete and submit responses for each form back\\to the form's author.}\\
\hline
- Add a partner & \makecell{Users will be able to view and edit their account information\\including name, email, company and password (latter not viewable).}\\
+ Add a partner & \makecell{Users are able to view and edit their account information\\including name, email, company and password (latter not viewable).}\\
\hline
\end{tabular}
\caption{Functional Requirements}
\end{table}
\subsection{Functional Requirements Analysis}
- An importance level has been assigned to each of the functional requirements, in order to effectively plan the work to be done in order to create the minimum viable product. An additional table shows how the importance levels have been determined for each requirement.\\
+ An importance level has been assigned to each of the functional requirements, to effectively plan the work in order to create the minimum viable product. An additional table shows how the importance levels have been determined for each requirement.\\
\begin{table}[H]
\centering
\begin{tabular}{|c||c|c|c|c|c|}
\hline
- Time\textbackslash Complexity & Low & Medium & High\\
+ \makecell{Complexity/\\Time} & Low & Medium & High\\
\hline
\hline
Short & \cellcolor{Green}0.0625 & \cellcolor{Green}0.125 & \cellcolor{Yellow}0.25\\
\hline
Medium & \cellcolor{Green}0.125 & \cellcolor{Yellow}0.25 & \cellcolor{Yellow}0.5\\
\hline
- Long & \cellcolor{Yellow}0.25 & \cellcolor{Yellow}0.5 & \cellcolor{Red}0.75\\
+ Long & \cellcolor{Yellow}0.25 & \cellcolor{Yellow}0.5 & \cellcolor{Red}1\\
\hline
\end{tabular}
\caption{Importance Levels}
@@ -192,27 +192,31 @@ This chapter will analyse the requirements of the proposed application and infor
Requirement & Description\\
\hline
\hline
- Internet connection & \makecell{The application will be hosted online, therefore users will require\\a connection to the internet in order to access the application.}\\
+ Internet connection & \makecell{As the application is to be hosted online, users will require\\an internet connection.}\\
\hline
- Confidentiality & \makecell{The application will need to keep the personal information of\\ its users safe from third parties and malicious individuals.}\\
+ Confidentiality & \makecell{The application needs to keep the personal user information\\safe from third parties and malicious attacks.}\\
\hline
Integrity & \makecell{The application must present accurate information in an\\ easy-to-understand format.}\\
\hline
- Availability & \makecell{The application must always be accessible. Loss of\\ Availability could lead to users leaving the application for\\ more reliable competitors.}\\
+ Availability & \makecell{The application must always be accessible. Loss of\\availability could lead to users leaving the application for\\ more reliable competitors.}\\
\hline
\end{tabular}
\caption{Non-Functional Requirements}
\end{table}
+\section{SWOT Analysis}
+
+\section{Muscow Analysis}
+
\section{Risk Analysis}
- The following risk analysis has been produced, based on the requirements above and potential risks to the application. A rating system, similar to that of the importance levels for the functional requirements, has been devised for the risk level.\\
+ The following risk analysis has been produced, based on the requirements above and potential risks to the application. A rating system, similar to that of the importance levels for the functional requirements, has been devised for risk levelling.\\
\begin{table}[H]
\centering
\begin{tabular}{|c||c|c|c|c|c|}
\hline
- Probability\textbackslash Consequence & Negligible & Minor & Moderate & Major & Catastrophic\\
+ \makecell{Consequence/\\Probability} & Negligible & Minor & Moderate & Major & Catastrophic\\
\hline
\hline
Impossible & \cellcolor{Green}0 & \cellcolor{Green}0 & \cellcolor{Green}0 & \cellcolor{Green}0 & \cellcolor{Green}0\\
@@ -240,7 +244,7 @@ This chapter will analyse the requirements of the proposed application and infor
\hline
\makecell{Network\\loss} & High & Minor & \cellcolor{Green}0.1875 & Frequent update of database.\\
\hline
- \makecell{Data\\loss} & Low & Catastrophic & \cellcolor{Yellow}0.25 & Redundant database.\\
+ \makecell{Data\\loss} & Low & Catastrophic & \cellcolor{Yellow}0.25 & Redundancy within database.\\
\hline
\makecell{Security\\breach} & Medium & Catastrophic & \cellcolor{Yellow}0.5 & \makecell{Follow good practice for secure\\development of cloud applications.}\\
\hline
@@ -252,6 +256,8 @@ This chapter will analyse the requirements of the proposed application and infor
\caption{Risk Analysis}
\end{table}
+\section{Contingency Planning}
+
\section{Functionality}
Below is a series of diagrams which describe the flow of some of the primary pieces of functionality in the application. They show the logic behind various aspects of the application, as well as some of the infrastructure that will be in place.
@@ -404,7 +410,7 @@ This chapter will analyse the requirements of the proposed application and infor
\begin{figure}[b]
\center
- \begin{tikzpicture}[to/.style={->,>=stealth',shorten >=1pt,semithick,font=\sffamily\footnotesize}, every node/.style={scale=0.85}]
+ \begin{tikzpicture}[to/.style={->,>=stealth',shorten >=1pt,semithick}, every node/.style={scale=0.85}]
% components
\node [component] (user) {User};
\node [component, below of=user] (react) {React Frontend};
diff --git a/report/4_Design.tex b/report/4_Design.tex
index 764afe0d4acb921ebe6a501d94befad74b2994cd..392f06e16a72c8da0e41d960ccc5cc7785b81427 100644
--- a/report/4_Design.tex
+++ b/report/4_Design.tex
@@ -3,33 +3,33 @@
%% ----------------------------------------------------------------
\chapter{DESIGN}
-The design of the web application will be based on the requirements established in the previous chapter, coupled with standards for user friendly interfaces and the user experience.
+The design of the web application will be based on the requirements established in the previous chapter, coupled with standards for friendly user interfaces (UI) and the user experience (UX).
\section{Conducting User Research}
- In order to design a good user interface, one needs to take into account who the user is and what kind of interface will suit them.
+ To design a good user interface, who the user is and the most suitable interface needs to be taken into account.
- In an SME, any one person could be in charge of compliance, from an employee in IT to someone in an administration role or even the CEO. In light of the fact that the application must allow for both technical and non-technical users, the design must be as accessible as possible. In order to ensure accessibility, the application will be designed with non-technical users in mind, and to that end will also be tested and evaluated by them.
-
- \subsection{Competitor Research}
- Existing products have been evaluated in chapter 2. As previously stated, the design of these products is unnecessarily bloated for the purpose of producing cyber security compliance forms. Such products are designed to generate many other form types, whereas this product capitalises on the simple structure of compliance to streamline the design of the tool needed to build them.
+ In an SME, any person could be responsible for compliance, e.g. employee, IT, administration, even the CEO. Due to the necessity for the application to allow for both technical and non-technical users, the design must be as accessible as possible. To ensure accessibility, the application should be designed with non-technical users in mind.
\subsection{User Personas}
- Creating personas allows the production of dependable, authentic representations of the target user group, in order to perform stakeholder analysis. \cite{Personas}
+ Creating personas allows the production of dependable, authentic representations of the target user group, to perform stakeholder analysis. \cite{Personas}
\begin{itemize}
\item
- Alan is a 35-year-old head of IT at a small company. He is very capable when it comes to maintaining the company's network and cyber security but does not know anything about the level of security at other organisations in his company's supply chain. He is aware that those organisations could be compromised and used as an attack vector to infiltrate the company network and steal valuable data or do other serious harm.
+ Alan is a 35-year-old CEO at a small tech startup. Since he started the company from scratch and with his previous experience as a developer, he is competent when maintaining the company's network and cyber security but he does not know about the level of security at other organisations in his company's supply chain. He is aware that those organisations could be compromised and used as an attack vector to infiltrate his company's network to steal valuable data or do other serious harm.
\item
- Emily is a 22-year-old computer science graduate, tasked with producing some cyber security best practices for her company to follow, in order for it to fend off the basic attacks that could be carried out by an unskilled individual. She knows about cyber security best practices from some of her modules at university but is not sure where to start with producing compliance forms for her company to follow.
+ Emily is a 22-year-old computer science graduate, tasked with producing some cyber security best practices for her company to follow, to fend off basic attacks by an unskilled individual. She knows about cyber security best practices from her university modules but is not sure where to start when producing compliance forms for her company to follow.
\item
- Bob is a 57-year-old systems administrator at a medium sized company that has just undergone a merger with another firm. He is tasked with combining the cyber security compliance standards that both former companies were using into a single standard for the new company to follow.
+ Robert is a 57-year-old systems administrator at a medium sized company that has just undergone a merger with another firm. He is tasked with combining the cyber security compliance standards for both former companies into a single standard for the new merged company to follow.
\end{itemize}
+\section{Competitor Research}
+ Existing products have been evaluated in chapter 2. As previously stated, the design of these products is unnecessarily bloated for the purpose of producing cyber security compliance forms. Such products are designed to generate many other form types, whereas this product capitalised on the simple structure of compliance to streamline the design of the tool needed to build them. However, the basic layouts of the applications are well-suited and served as an excellent starting point from which to build the design.
+
\section{User Flows and Wireframes}
- This section will illustrate the flow of the application from beginning to end, similar to the flow charts in chapter 3, but with wireframes representing the UI and how each page will transition to another.
+ This section illustrates the application flow from start to finish, similar to flow charts in chapter 3, but with wireframes representing the UI and how each page transitions to another.
\subsection{Wireframes} % 2D outline of single page
TODO: Sign in / Sign up wireframe
@@ -47,26 +47,28 @@ The design of the web application will be based on the requirements established
\section{Material-UI}
- Material-UI is a popular React UI framework for faster and easier web development. It has a massive suite of components that help with building a fully customisable UI. It is incredibly well documented, and receives regular monthly updates from its developers. For these reasons, Material-UI has been used for many of the components in this project in order to increase development speed.
+ Material-UI is a popular React UI framework for faster and easier web development. It has a large suite of components that assist with building a fully customisable UI. It is well documented, and receives regular monthly updates from its developers. For these reasons, Material-UI has been used for many of the components in this project to increase development speed.
\section{Minimum Viable Product}
- The Minimum Viable Product (MVP) is the encapsulation of the core features that allow an application to function. While not fully functional, it will have the necessary functionality to allow the application to work at its most basic level, and it provides a solid starting point for a project to work towards.
+ The Minimum Viable Product (MVP) encapsulates the core features that allow an application to function. While not fully functional, it will have the necessary functionality to allow the application to work at its most basic level, and it provides a solid starting point for a project's development.
- In the case of CompForge, the core features have been listed below:
+ For CompForge, these are the core features making up the MVP:
\begin{itemize}
\item Register
\item Sign in
\item Sign out
\item Create Form
- \item View Form
\item Share Form
- \item Delete Form
\item Submit Form
\end{itemize}
+ The remaining features not necessary for the MVP, but still planned as part of the application are listed below:
+
\begin{itemize}
+ \item View Form
\item Edit Form
+ \item Delete Form
\item Add Partner
\end{itemize}
\ No newline at end of file
diff --git a/report/5_Implementation.tex b/report/5_Implementation.tex
index 073e263fbf563c75d25aaf7626f0dcd673697f3b..6309007273cc56e52ed58de27a31f6e76d7bc43f 100644
--- a/report/5_Implementation.tex
+++ b/report/5_Implementation.tex
@@ -4,14 +4,14 @@
\chapter{IMPLEMENTATION}
\section{Project Development Objective}
- The objective of this project was to produce a web application that would allow an organisation to create, store, share and submit completed compliance forms in order to reduce the cost of tracking and maintaining compliance to any cyber security standard.
+ The objective of this project is to produce a web application that allows an organisation to create, store, share and submit completed compliance forms to reduce the cost of tracking and maintaining compliance to any cyber security standard.
\subsection{Functionality}
- The application, called CompForge, allows a user to create custom compliance forms, which are stored on a serverless database and hosted on Google Firebase. These forms can be shared with partners, that is other users that are added in a similar fashion to friends or followers on social media. When a form is shared with a partner, that partner can complete and return it to the original user with their given responses to each question.
+ The application, called CompForge, allows a user to create custom compliance forms, which are stored on a serverless database and hosted on Google Firebase. These forms can be shared with partners, i.e. other users that can be added in a similar fashion to friends or followers on social media. When such a form is shared with a partner, that partner can complete and return it to the original user with their given responses to each question.
\section{Technologies}
- The implementation of a variety of different features was required to complete the application and this entailed the employment of a number of different technologies. Requirements included a fast and flexible frontend framework to reduce loading times and adapt quickly to changes from the backend, a real-time database to send those changes to the frontend, and good out-of-the-box security.
+ A variety of different features were required to be implemented to complete the application which entailed several different technologies. Requirements included a fast and flexible frontend framework to reduce loading times that adapt quickly to changes from the backend, a real-time database to send those changes to the frontend, and good out-of-the-box security.
\begin{table}[H]
\centering
@@ -37,7 +37,7 @@
\hline
\makecell{Firestore} & \makecell{Serverless real-time\\NoSQL database} & \makecell{Development speed,\\real-time updates}\\
\hline
- \makecell{Firebase CLI} & \makecell{Utility for\\administering\\Firebase projects} & \makecell{Configuration of\\React-Firebase connection}\\
+ \makecell{Firebase Command\\Line Interface (CLI)} & \makecell{Utility for\\administering\\Firebase projects} & \makecell{Configuration of\\React-Firebase connection}\\
\hline
\hline
\multicolumn{3}{|c|}{Report}\\
@@ -60,46 +60,51 @@
\end{table}
\subsection{React}
- React is a JavaScript library specialising in the development of user interfaces, developed and maintained by Facebook. \cite{React} React was chosen as the medium for the frontend due to its manipulation of the virtual DOM which reduces loading times, its reusable components to increase development speed, and its built-in defence against Cross Site Scripting attacks. Given that the core of the application involves user inputting data to forms, the latter is especially important.
+ React is a JavaScript library for the development of user interfaces, developed and maintained by Facebook. \cite{React} React was chosen as the medium for the frontend due to its manipulation of the virtual DOM which reduces loading times, its reusable components to increase development speed, and its built-in defence against Cross Site Scripting attacks. Given that the core application involves user inputting data to forms, the latter is especially important.
\subsubsection{Redux/Thunk}
- Redux was utilised to manage the state of the application, including the user's data and whether they are authenticated. Redux imposes certain restrictions when it comes to state management, increasing a developer's control over how and when the state can be updated.
+ Redux was utilised to manage the state of the application, including the user's data and authentication. Redux imposes certain restrictions to state management, increasing a developer's control over how and when the state can be updated.
- To change the application's state, you need to dispatch an action (a JavaScript object). The action and the application's current state are passed into a JavaScript function, called a reducer. A reducer takes these two parameters and returns the new state of the application. Usually the state of an application will be quite large so instead of managing the entire state with a single reducer, multiple reducers are written to manage different parts of the state.
+ To change the application's state, a JavaScript object is required to be dispatched. The action and the application's current state are passed into a JavaScript function, known as a reducer. A reducer takes these two parameters and returns the new state of the application. Usually the state of an application will be large so rather than managing the entire state with a single reducer, multiple reducers are written to manage different parts of the state.
Thunk allows asynchronous logic to interact with the state. It was used in CompForge to do ... TODO
\subsubsection{Code Structure}
- The structure of the React frontend is heavily influenced by create-react-app - a tool used in this instance to get a head start on the setup and configuration of the frontend application. Since there is no recommended way to structure React projects, I decided that the best method for the remainder source code was to group by their type (components, reducers and actions) thereby simplifying the process of finding and editing related components.
+ The structure of the React frontend is heavily influenced by create-react-app - a tool used here to get a head-start on the frontend application's setup and configuration. As there is no recommended React project structure, it was decided that the best method for the remainder source code was to group them by type (components, reducers and actions), thereby simplifying the process of finding and editing related components.
\subsubsection{Single Page Application and Routing}
- Another reason for using the create-react-app tool, is that it initialises the application as a single-page application (SPA), which further reduces the loading time for users. As an SPA, the entire frontend is loaded when the user enters the application and it is not necessary to load anything further, even when navigating the app. From there, all the routing between the different pages is done by React Router, a library of React components that are used to navigate between pages in an SPA. However as everything in React is a component, including the \textquoteleft pages\textquoteright, the advantage of React Router is that it allows redirection between components, and as such, will only need to re-render the relevant component(s) that are being loaded to the screen, as opposed to the entire page.
+ Another reason for using the create-react-app tool, is to initialise the application as a single-page application (SPA), to further reduce the user loading time. As an SPA, the entire frontend is loaded when the user enters the application and it is not necessary to load anything further, even when navigating the app. From there, all routing between the different pages is driven by React Router, a library of React components that are used to navigate between pages in an SPA. However as everything in React is a component, including the \textquoteleft pages\textquoteright, React Router's advantage is to allow redirection between components and as such it only needs to re-render the relevant component(s) that are being loaded to the screen, as opposed to the entire page.
\subsubsection{Node.js}
- Node is a free cross platform open source server environment that runs JavaScript. It was used in this project as a local testing environment as it allows the React project to run on a local development server. Node also manages a range of modules that the project was dependent on, including Material-UI, and the Firebase CLI.
+ Node is a free cross platform open source server environment that runs JavaScript. It was used in this project as a local testing environment as it allows the React project to run on a local development server. Node also manages a range of modules on which the project depends, including Material-UI, and Firebase CLI.
\subsection{Google Firebase}
- Firebase is Google's mobile application development platform. \cite{Firebase} It is used by many large applications such as Lyft, Venmo and Trivago for its multitude of services including hosting, authentication, database, storage and functions.
+ Firebase is Google's mobile application development platform. \cite{Firebase} It is used by many large applications such as Lyft, Venmo and Trivago for its wide capabilities including hosting, authentication, database, storage and functions.
\subsubsection{Firestore}
- The benefit of using Firebase's database (known as Firestore) is that data sent to the database is immediately forwarded on to relevant interested instances of the application so changes made by one user can update another user in close to real time. In addition, you can add multiple apps to the service and they will all share the same database making maintaining the application across multiple platforms, like Web, iOS and Android far easier.
+ The benefit of using Firebase's database (known as Firestore) is that data sent to the database is immediately forwarded to relevant interested instances of the application so changes made by one user can update another user in close to real time. In addition, multiple apps can be added to the service and they all share the same database enabling application maintenance across multiple platforms, like Web, iOS and Android.
\subsubsection{Serverless Architecture}
- Serverless architecture is the model Firebase uses as its platform. It is not, in fact, serverless as the name suggests. It simply means that the need for server software and hardware management by the developer is erased because the infrastructure is provided by a host, like Firebase. This allows for improved scalability for hosted applications.
+ Serverless architecture is the model Firebase uses for its platform. It is not, in fact, serverless as the name suggests, but means that the need for server software and hardware management by the developer is erased as the infrastructure is provided by a host, like Firebase. This allows for improved scalability for hosted applications.
-\section{Progression}
- This section describes the progression of the implementation during each sprint. The original plan for these sprints is laid out in chapter 8. Much of the implementation took longer than expected due to the fact it was the first time many of the technologies were being used, resulting in a steep learning curve.
- \subsection{Sprint 1}
- The implementation started with the installation and running of create-react-app to kickstart frontend development. From there, Material-UI components were used and tweaked alongside custom code to construct the \textquotedblleft Dashboard\textquotedblright\, and \textquotedblleft Create a Form\textquotedblright\ pages. Below is a screenshot of an early iteration of the dashboard.
+\section{Progression and use of Agile}
+ This section describes the implementation's progression during each sprint. The original plan for the sprints is described in chapter 8. Much of the implementation took longer than expected due to the fact it was the first time many of the technologies were being used, resulting in a steep learning curve.
+
+ \begin{description}
+ \item [Sprint 1]
+ \end{description}
+ The implementation began with the installation and running of create-react-app to kickstart frontend development. From there, Material-UI components were used and adjusted alongside custom code to construct the \textquotedblleft Dashboard\textquotedblright\, and \textquotedblleft Create a Form\textquotedblright\ pages. Below is a screenshot of an early iteration of the dashboard.
\begin{figure}[H]
\center
\includegraphics[height=100mm, width=145mm]{../figures/Dashboard (hardcoded)}
- \caption{Dashboard}
+ \caption{Dashboard: First Draft}
\end{figure}
- \subsection{Sprint 2}
+ \begin{description}
+ \item [Sprint 2]
+ \end{description}
A \textquoteleft Compforge\textquoteright\ project was created on Firebase. Some configuration in the React code was needed to connect to the project's Firestore. In addition, a considerable amount of work was done to implement the Redux/Thunk reducers and actions needed to store and manipulate the state of the application.
\begin{figure}[H]
@@ -108,14 +113,22 @@
\caption{Firestore}
\end{figure}
- \subsection{Sprint 3}
- With the basics finished, the next step was to set up authentication and user accounts, implemented using Firebase Authentication. For simplicity, I only configured sign ups by email, though it is possible to set up authentication via many other methods in Firebase namely; phone number, Google, Facebook, Twitter, GitHub, Yahoo, Microsoft and Apple accounts. Once accounts and authentication were completed, the frontend needed a \textquoteleft Sign up\textquoteright\ and \textquoteleft Sign in\textquoteright\ page. Using a Material-UI template, some configuration of the React code, as well as adjustments to the routing, the ability to sign up, sign in and sign out was added to the web app.
+ \begin{description}
+ \item [Sprint 3]
+ \end{description}
+ With the basics completed, set up of authentication and user accounts was implemented using Firebase Authentication. For simplicity, the signups were only setup for email, though it is possible to set up authentication via many other methods in Firebase namely; phone number, Google, Facebook, Twitter, GitHub, Yahoo, Microsoft and Apple accounts. Once accounts and authentication were completed, the frontend needed a \textquoteleft Sign up\textquoteright\ and \textquoteleft Sign in\textquoteright\ page. Using a Material-UI template, some configuration of the React code, as well as adjustments to the routing, the ability to sign up, sign in and sign out was added to the web app.
- \subsection{Sprint 4}
- After user accounts had been set up, the intention had been to implement the partner system. However, due to time constraints (discussed further in Chapter 7: Evaluation) this requirement was removed. Instead work focused on finishing the MVP; saving forms from the form creation page to Firestore, and the ability to share forms direct to users via their email addresses.
+ \begin{description}
+ \item [Sprint 4]
+ \end{description}
+ Following user account set up, the intention had been to implement the partner system. However, due to time constraints (discussed further in Chapter 7: Evaluation) this requirement was removed. Instead work focused on finishing the MVP; saving forms from the form creation page to Firestore, and the ability to share forms directly to users via their email addresses.
- \subsection{Sprint 5}
- The final requirements were for a user to create submissions for forms that are shared with them and to view forms and submissions. After creating a frontend page for completing and submitting a form, and adding it to the routing, the submissions were stored in Firestore in their own collection.
+ \begin{description}
+ \item [Sprint 5]
+ \end{description}
+ The final requirements were for a user to create submissions from forms that are shared with them and to view such forms and submissions. Having created a frontend page for completing and submitting a form, and adding it to the routing, the submissions were stored in Firestore in their own collection.
- \subsection{Sprint 6}
+ \begin{description}
+ \item [Sprint 6]
+ \end{description}
Refinements to the UI were made to improve the user experience, including changes to the columns shown on the form table on the dashboard. Some compiler warnings were also cleared and links between the \textquotedblleft sign in\textquotedblright\ and \textquotedblleft sign up\textquotedblright\ pages were created.
\ No newline at end of file
diff --git a/report/6_TestingAndSoftwareValidation.tex b/report/6_TestingAndSoftwareValidation.tex
index 8d06eb74b7e60570cdc7d286bb5abc0c94784ccc..715f304e1160ce9d168200465afe264aea46d455 100644
--- a/report/6_TestingAndSoftwareValidation.tex
+++ b/report/6_TestingAndSoftwareValidation.tex
@@ -3,10 +3,10 @@
%% ----------------------------------------------------------------
\chapter{TESTING AND SOFTWARE VALIDATION}
- Verification and validation are essential parts of any software project. Consequently, multiple different methods for testing the application have been employed to confirm that the application is fully functional and robust, from manual and automated to user and requirements testing.
+ Verification and validation are essential parts of any software project. Consequently, many different application testing methods were employed to confirm that the application was fully functional and robust including from manual and automated to user and requirements testing.
\section{Verification}
- Verification tests have been carried out to make sure that all functionality has been implemented in the project to meet the requirements of the target users.
+ Verification tests were carried out to ensure that all project functionality was implemented to meet the requirements of the target users.
\subsection{Requirements testing}
@@ -17,11 +17,11 @@
Requirement & Expectation & Outcome & Result\\
\hline
\hline
- \makecell{Register} & \makecell{Use email address to\\create an account} & \makecell{Users are able to use their\\email address to create an\\account} & \cellcolor{green}\checkmark\\
+ \makecell{Register} & \makecell{Use email address to\\create an account} & \makecell{Users can use their email\\address to create an account} & \cellcolor{green}\checkmark\\
\hline
\makecell{Sign in} & \makecell{Use email address and\\password created at sign\\up to sign in} & \makecell{Users are able to login} & \cellcolor{green}\checkmark\\
\hline
- \makecell{Sign out} & \makecell{Sign out of account\\so that account is\\no longer accessible\\without signing back in} & \makecell{On clicking the sign out\\button the user is no\\longer able to access\\their account without\\logging back in} & \cellcolor{green}\checkmark\\
+ \makecell{Sign out} & \makecell{Account sign out to ensure\\the account is not accessible\\without signing back in} & \makecell{On signing out the user\\is no longer able to access\\their account} & \cellcolor{green}\checkmark\\
\hline
\makecell{Create Form} & \makecell{Create a custom\\compliance form which is\\stored in association\\with the user's account} & \makecell{Ability to create a compliance\\form which is stored and\\associated with the user's\\account} & \cellcolor{green}\checkmark\\
\hline
@@ -29,13 +29,13 @@
\hline
\makecell{Share Form} & \makecell{Share a form created\\by the user, with\\another user} & \makecell{Sharing a form with\\another user allows that\\ user to view, fill out and\\return a form submission} & \cellcolor{green}\checkmark\\
\hline
- \makecell{Edit Form} & \makecell{Edit the questions and\\responses of created forms.} & \makecell{Requirement dropped due\\to time constraints as it\\was not a part of the MVP.} & \cellcolor{red}\texttimes\\
+ \makecell{Edit Form} & \makecell{Edit the questions and\\responses of created forms.} & \makecell{Requirement dropped due\\to time constraints as it\\was not part of the MVP.} & \cellcolor{red}\texttimes\\
\hline
\makecell{Delete Form} & \makecell{Delete a form created\\by the user} & \makecell{Deleting a form that\\was originally created by\\that user. Unable to\\delete forms created\\by other users} & \cellcolor{green}\checkmark\\
\hline
\makecell{Form Submission} & \makecell{To return a partner's responses\\to a form to the user} & \makecell{Users can select responses\\for each form's questions\\and submit their responses\\to the form's author} & \cellcolor{green}\checkmark\\
\hline
- \makecell{Add Partner} & \makecell{To search and add another\\user as a partner} & \makecell{Requirement dropped due\\to time constraints as it\\was not a part of the MVP.} & \cellcolor{red}\texttimes\\
+ \makecell{Add Partner} & \makecell{To search and add another\\user as a partner} & \makecell{Requirement dropped due\\to time constraints as it\\was not part of the MVP.} & \cellcolor{red}\texttimes\\
\hline
\end{tabular}
\caption{Requirements testing}
diff --git a/report/7_Evaluation.tex b/report/7_Evaluation.tex
index 250bed6636fdb5425f641132b14cc1ce5d10fe80..b76fb839824431935e25452ceb39267299f8a1ae 100644
--- a/report/7_Evaluation.tex
+++ b/report/7_Evaluation.tex
@@ -3,16 +3,23 @@
%% ----------------------------------------------------------------
\chapter{EVALUATION}
-This chapter will appraise the quality of the project by critical evaluation and discuss the results of the requirements testing taking into consideration issues that were encountered during implementation.
+This chapter appraises the quality of the project by critical and comparative evaluation, and discusses the results of the requirements testing taking into consideration issues that were encountered during implementation.
\section{Critical Evaluation}
- While React was a good choice from a development and maintenance point of view, it would probably have been more prudent to use a language/library/framework with which I was already more familiar. Whilst a great deal was learned from the implementation of this project, it was significantly delayed - in part due to the time required to learn how to properly use the React library, including React Router and Redux/Thunk.
+ While React was a good choice from a development and maintenance viewpoint, it may have been more prudent to use a language/library/framework with which I was more familiar. Whilst a great deal was learned from the implementation of this project, it was significantly delayed - in part due to the time required to learn how to properly use the React library, including React Router and Redux/Thunk.
- With regard to the outcome of the project versus the initial functional requirements, the project is functional because all of the components identified as the MVP have been implemented. However with the obvious downfall that some features, namely adding partners and editing forms, were not implemented which was disappointing, albeit unavoidable, given the delays.
+ With regard to the outcome of the project versus the initial functional requirements, the project is functional because all of the components identified as the MVP have been implemented. However with the challenge that some features, namely adding partners and editing forms, were not implemented, this was disappointing, albeit unavoidable, given the delays.
+
+
+\section{Comparative Evaluation}
+ TODO.
\section{Project Management}
- Some of the first parts of the project actually progressed ahead of schedule, such as the creation of the initial Gantt chart. Until the deadline for the progress report in December, the project was continuing to progress on schedule. Understandably, the implementation, testing and final report write up were severely impacted by the university closure from the 23rd March onwards, due to the spread of COVID-19. This, coupled with delays during the implementation caused by an underestimation of the learning curve of the technologies that were used, resulted in much of the remainder of the project being completed behind schedule, and consequent removal of non-essential features from the requirements.
+ Some of the first parts of the project progressed ahead of schedule, such as the creation of the initial Gantt chart. Until the deadline for the progress report in December, the project was continuing to progress on schedule. Understandably, the implementation, testing and final report write up were severely impacted by the university closure from the 23rd March onwards, due to the spread of COVID-19. This, coupled with delays during the implementation caused by an underestimation of the learning curve of the technologies that were used, resulted in much of the remainder of the project being completed behind schedule, and consequent removal of non-essential features from the requirements. TODO mitigation
+
+ \subsection{Reflection}
+ TODO.
\subsection{Gantt Chart}
diff --git a/report/8_Conclusions.tex b/report/8_Conclusions.tex
index 977b72d2f6e05863676e6b74fe7a80b12554d02f..a54819f8d0ff0e1034cff4762025e83d31a70d9a 100644
--- a/report/8_Conclusions.tex
+++ b/report/8_Conclusions.tex
@@ -3,25 +3,40 @@
%% ----------------------------------------------------------------
\chapter{CONCLUSION} \label{Chapter: Conclusions}
-This project aimed to enable SMEs to create and customise their own compliance forms in order to stay up to date with the latest cyber security standards, as well as ensure that their partner organisations and other organisations in their supply chain are keeping to those same standards in an economically efficient way. CompForge has lowered the time and cost required to perform these tasks, with a user-friendly UI and real time updates from the application's Firestore database.
+This project aimed to enable SMEs to create and customise their own compliance forms to stay up to date with the latest cyber security standards, as well as ensure that their partner organisations and other organisations in their supply chain are keeping to those same standards in a cost effective way. CompForge has lowered the time and cost required to perform these tasks, with a user-friendly UI and real time updates from the application's Firestore database.
+
+\section{Achievement}
+ TODO
\section{Improvements}
- After evaluating the application and comparing it to competitors, a number of improvements that could be made have come to mind.
+ Having evaluated the application in conjunction with competitor applications, a number of improvements that could be made have come to mind.
- The ability to edit forms that have already been created would be a useful tool in case a mistake is found, or an update is required. This is to be expected in the continuously growing field of cyber security, as doubtless many of the standards that are active today will change with time as technology continues to move forward along with the threats.
+ \subsection{Missing Requirements}
+
+ \subsubsection{Edit Forms}
+ The ability to edit forms that have already been created would be a useful tool in case a mistake is found, or an update is required. This is to be expected in the continuously growing field of cyber security, as doubtless many of the standards that are active today will change with time as technology continues to move forward along with the threats.
- In the same vein, it would be useful to add the ability to share a form with new partners after it has been created. Organisations change and grow, and it could be necessary to share a form with additional organisations.
+ \subsubsection{Share Forms}
+ In the same vein, it would be useful to add the ability to share a form with new partners after it has been created. Organisations change and grow, and it could be necessary to share a form with additional organisations.
- To save time, another useful feature would be the ability to add partners in a similar way to adding a friend on a social media platform. There would be no need to look up email addresses every time you needed to share a new form with an existing partner.
+ \subsubsection{Add Partners}
+ To save time, another useful feature would be the ability to add partners in a similar way to adding a friend on a social media platform. There would be no need to search for email addresses every time they would be needed when sharing a new form with an existing partner.
- Finally, the number of forms that can be created and shared is technically infinite so a search bar and sorting filter would be useful additions to the application.
+ \subsection{Ability to Search/Sort}
+ Finally, the number of forms that can be created and shared is technically infinite so a search bar and sorting filter would be useful additions to the application.
\section{Future Work}
Further to the above enhancements, there are some more major improvements that could be made with future work.
- Specifically, a feature that allows a user to export form templates and specific submissions from partners into a particular format. Users may wish to print another user's submission to their form or share a form template with another user.
+ \subsection{Mobile Applications}
+ As described in Chapter 8, multiple applications can be added to a Firebase project and share the same data. This would allow easy integration of mobile applications on platforms such as iOS or Android.
+
+ \subsection{Export Form Templates}
+ Specifically, a feature that allows a user to export form templates and specific submissions from partners into a particular format. Users may wish to print another user's submission to their form or share a form template with another user.
- Conversely, the ability to import existing form templates would allow users to share popular standards such as; ISO/IEC 27001, Cloud Controls Matrix, the Cyber Essentials Scheme, or its progeny, IASME.
+ \subsection{Import Form Templates}
+ Conversely, the ability to import existing form templates would allow users to share popular standards such as; ISO/IEC 27001, Cloud Controls Matrix, the Cyber Essentials Scheme, or its progeny, IASME.
- Finally, the use of email notifications to notify users when a form has been shared with them, or when a partner has made a submission would be convenient, as it is unlikely a user will have the application open at all times.
\ No newline at end of file
+ \subsection{Notifications}
+ Finally, the use of email notifications to notify users when a form has been shared with them, or when a partner has made a submission would be convenient, as it is unlikely a user will have the application open at all times.
\ No newline at end of file
diff --git a/report/master.pdf b/report/master.pdf
index 910b2eb483cc0b29de4f5fa472216cf1bbb6ce1b..25dec046fea42c335442366eade61d824797c43a 100644
Binary files a/report/master.pdf and b/report/master.pdf differ