diff --git a/report/0_Abstract.tex b/report/0_Abstract.tex index c41283036d9a4d7cace573d826b336cb2208e2d3..935aa2ab7af48f99ef2a6aed3a5b9a0bbe752c3a 100644 --- a/report/0_Abstract.tex +++ b/report/0_Abstract.tex @@ -2,6 +2,6 @@ Hundreds of cyber security standards exist, and many businesses require their partner companies and/or members of their supply chain to comply with various and numerous of these standards. Keeping track of each company's compliance to a particular standard is a lengthy and potentially expensive process since it can be very difficult to maintain without the use of an external service or consultant and most SMEs will be unable to afford this. Due to the required time and level of experience it may not be something a system administrator could do in addition to their normal responsibilities leaving only the cost alternative of a specialist consultant. -To this end, an engine that automatically generates cyber security compliance forms could provide a low cost, time efficient solution for businesses that need a flexible and customisable way of tracing their partners' compliance (or their own compliance) with multiple standards. +To this end, an engine that automatically generates cyber security compliance forms would provide a low cost, time efficient solution for businesses that need a flexible and customisable way of tracking their partners' compliance (or their own compliance) with multiple standards. Therefore the goal of this project is to create a web application system that will generate and store compliance forms for a non-technical end user and allow access to chosen partners. The scope of this project focuses on the cyber security field but has the potential, with future work, to explore alternative forms of compliance also. \ No newline at end of file diff --git a/report/1_Introduction.tex b/report/1_Introduction.tex index 75c179708ab1af67096f6f475daf3b84aefcde95..3179aa9f14e2225db15a35180727334748c87d3b 100644 
--- a/report/1_Introduction.tex +++ b/report/1_Introduction.tex 
@@ -10,24 +10,24 @@ The following chapter will give an overview of the project\textquoteright s goals and objectives. The subsequent chapters will go on to talk about compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses, use cases, requirements, risks and functionality for the proposed application, followed by the proposed design of the implementation for the application. \section{Identification of the Problem} - Keeping track of each company\textquoteright s compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be a task a system administrator would be able to perform in addition to their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs. + Keeping track of each company's compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be a task a system administrator would be able to perform in addition to their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs. - An automatically generated cyber security compliance form engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards. + An automatically generated cyber security compliance form engine, would provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner's compliance - or their own compliance - with multiple standards. 
\section{Aim} - Ultimately, the goal of the project is to enable organisations to maintain and improve their cyber security by adhering to various compliance standards, such as the guidelines set out by the UK government's Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials} + Ultimately, the goal of the project was to enable organisations to maintain and improve their cyber security by adhering to various compliance standards, such as the guidelines set out by the UK government's Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials} \subsection{Research} - A thorough review of relevant literature will be required to fully understand the problem and the existing solutions, if any exist. If they do, an assessment of possible improvements that could be made to those solutions should also be executed. A chapter detailing the analysis of the requirements for the project will be required to determine and gauge the feasibility and enable the planning and design of the application itself. This should include an assessment of likely risks to the project. + A thorough review of relevant literature was required to fully understand the problem and the existing solutions, if any existed. If they did, an assessment of possible improvements that could be made to those solutions should also be executed. A chapter detailing the analysis of the requirements for the project was required to determine and gauge the feasibility and enable the planning and design of the application itself. This included an assessment of likely risks to the project. 
\subsection{Development and Testing} - The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date, is essential. To ensure the functionality of all parts of the application, a testing system should also be implemented - set up as continuous integration with regression testing. This software validation should be automated for consistency and to save time. + The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date, was essential. To ensure the functionality of all parts of the application, a testing system was also implemented. This software validation was automated for consistency and to save time. \subsection{Analysis} - An analysis of the results of the testing and of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code. + An analysis of the results of the testing and of the implementation was carried out after it was finalised, to establish adherence to the designs and assure the quality of the code. \subsection{Evaluation} - An evaluation of the whole project including its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it. + An evaluation of the whole project including its management was performed. Finally, a summary of possible future work that could be carried out to extend the potential of the project should be considered. \section{Functionality} - The goal of the application is to have a system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. 
Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, later on. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project. \ No newline at end of file + The goal of the application was to have a system that generates and stores compliance forms for the end-user. The forms are automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners are other users that can be added by the primary user, much like friends or followers on a social media platform. Once added, users will be able to share forms with their partners, for them to complete and submit back to the user. Users are able to update the forms' parameters and partners are able to update their answers to the forms, at a later stage. This project is a cloud-based application and it will deal with cyber security compliance only - no other forms of compliance are within the scope of this project. \ No newline at end of file diff --git a/report/2_BackgroundAndLiteratureReview.tex b/report/2_BackgroundAndLiteratureReview.tex index 50cfee221de4b1f172055889e34479e1ee9840c6..81eeb43c4efd1237a8dcc75b92ab08c4aca0c251 100644 --- a/report/2_BackgroundAndLiteratureReview.tex +++ b/report/2_BackgroundAndLiteratureReview.tex 
@@ -4,19 +4,19 @@ \chapter{BACKGROUND AND LITERATURE REVIEW} \section{Crime} - There has been a significant increase in cyber-criminal activity in recent years. \cite{GDPR} The methods used by criminals are currently changing as businesses begin to be targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing at a rapid rate, making it increasingly troublesome for regulations and legislation to keep pace, resulting in outdated laws that are often unfit for purpose. \cite{GDPR} + There has been a significant increase in cyber-criminal activity in recent years. \cite{GDPR} The methods used by criminals are currently changing as businesses begin to be targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing at a rapid rate, making it increasingly troublesome for regulations and legislation to keep pace resulting in outdated laws that are often unfit for purpose. \cite{GDPR} \section{Supply Chains} - Supply chain management is a process essential for connecting major business actions and behaviours both internally and between organisations into a capable and effective business model. \cite{CSCRM} It encompasses all logistics management endeavours, not to mention manufacturing operations, and it drives the coordination of activities across multiple business areas including; marketing, sales, product design, finance, and IT. \cite{CSCRM} + Supply chain management is a process essential for connecting major business actions and behaviours both internally and externally between organisations into a capable and effective business model. \cite{CSCRM} It encompasses all logistic management endeavours, not to mention manufacturing operations, and drives the coordination of activities across multiple business areas including marketing, sales, product design, finance, and IT. 
\cite{CSCRM} \subsection{Supply Chain Security} Supply chain security concentrates on the threats linked to an organisation\textquoteright s suppliers of goods and services, many of which potentially have considerable access to assets belonging to the company or to its customer data. \cite{CombattingCyberRisks} \section{Compliance} - Compliance is a crucial, costly, and complex issue for any company to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies, or best practices known as standards. \cite{ComplianceGovernance} 1Organisations can be required to take steps to put policies and controls in place that ensure conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats. + Compliance is a crucial, costly, and complex issue for any company to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies, or best practices known as standards. \cite{ComplianceGovernance} Organisations are often required to take steps to put policies and controls in place ensuring conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats. \subsection{Compliance in Cyber Security} - Cyber security is the aggregate of technologies, processes, and practices, which were designed to shield computer networks, software, and data from loss, theft, or manipulation. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. 
\cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help to enable organisations to achieve compliance with any given standard in a cost effective manner. + Cyber security is the aggregate of technologies, processes, and practices which were designed to shield computer networks, software and data from loss, theft or manipulation. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. \cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help to enable organisations to achieve compliance with any given standard in a cost effective manner. \subsection{Cyber Essentials} The UK Government worked with a number of other institutions to develop Cyber Essentials, a set of basic standards to help organisations defend themselves from common security threats online. \cite{CyberEssentials} The scheme is designed to prevent unskilled individuals from being able to find basic vulnerabilities in an organisation by providing advice, and two different levels of certification; \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. 
The former is a self-assessment designed to be light-weight and easy to follow, while in the latter, a certification body carries out the verification of the organisation\textquoteright s cyber security, instead of it being done by the company in question. 
@@ -25,7 +25,7 @@ Cyber attacks are financially devastating and disrupting to people and businesses. Successful attacks have the potential to expose personal information, leaving the victims of these security breaches vulnerable to fraud. \cite{CyberCrime} Victims are also left vulnerable to further attacks, using the information previously gathered by attackers. \subsection{The Effect on Business and Loss of Confidence} - According to a survey by Ping Identity (a company that sells a number of cloud and software identity security solutions), 75\% of people stop engaging with a brand online following a data breach, as well as 59\% saying they were not willing to sign up to use an online service or application that had recently experienced a data breach. \cite{ITGovernance} In spite of this, a staggering 56\% said they were unwilling to pay any amount of money for additional security to protect their personal information. \cite{ITGovernance} + According to a survey by Ping Identity (a company that sells a number of cloud and software identity security solutions), 75\% of people stop engaging with a brand online following a data breach, 59\% say they are not willing to sign up to use an online service or application that had recently experienced a data breach. \cite{ITGovernance} In spite of this, a staggering 56\% said they were unwilling to pay any amount of money for additional security to protect their personal information. \cite{ITGovernance} \subsection{Legal consequences} GDPR requires proper management of all the personal information held by an organisation. \cite{BusinessInfo} If this information is compromised, and that organisation has neglected to deploy basic security measures, it is possible they will face fines and regulatory sanctions. \cite{BusinessInfo} 
@@ -39,9 +39,9 @@ Below is an overview and evaluation of two other products found during background research for the project. \subsection{Formstack} - Formstack boasts a drag and drop interface to allow quick and easy customisation of a form you create, with various components for different data types and layouts and you can see your changes in real time. The product is aimed at developers and non-technical people, offering a time-saving way to build forms for a wide variety of different functions, including collecting payments, gathering customer data and automating day-to-day tasks. \cite{Formstack} + Formstack boasts a drag and drop interface to allow quick and easy customisation of form creation, with various components for different data types and layouts allowing changes to be seen in real time. The product is aimed at developers and non-technical people, offering a time-saving way to build forms for a wide variety of different functions, including collecting payments, gathering customer data and automating day-to-day tasks. \cite{Formstack} - At the time of writing, the product has multiple pricing tiers, starting from \$19 USD per month with 'Bronze' and ending up at a \$249 USD per month for 'Platinum', which includes \textquotedblleft Advanced data collection features \& priority support\textquotedblright. \cite{Formstack} There is also an 'Enterprise' edition, however pricing for that seems to be on a case-by-case basis. + At the time of writing, the product has multiple pricing tiers, starting from \$19 USD per month with \textquoteleft Bronze\textquoteright\ and ending at \$249 USD per month for \textquoteleft Platinum\textquoteright\ which includes \textquotedblleft Advanced data collection features \& priority support\textquotedblright. \cite{Formstack} There is also an 'Enterprise' edition but pricing for this seems to be on a case-by-case basis. \begin{figure}[H] \center 
@@ -56,7 +56,7 @@ \end{figure} \subsection{Device Magic} - With a broad focus that includes; job reports, inspections, audits, work orders and invoices, Device Magic is a data collection application that allows users to create and complete mobile forms. \cite{DeviceMagic} One of the key selling points is the ability to use all the features of the app when offline. It possesses an easy-to-use drag and drop user interface similar to that of Formstack and also allows users to preview forms in mobile format when creating them on a desktop. \cite{DeviceMagic} It also features the capability to capture rich data (such as images), and to automate workflows, for example, allowing a form submission to trigger another form to be sent. \cite{DeviceMagic} + With a broad focus that includes job reports, inspections, audits, work orders and invoices, Device Magic is a data collection application that allows users to create and complete mobile forms. \cite{DeviceMagic} One of the key selling points is the ability to use all the features of the app when offline. It possesses an easy-to-use drag and drop user interface similar to that of Formstack and also allows users to preview forms in mobile format when creating them on a desktop. \cite{DeviceMagic} In addition it also features the capability to capture rich data (such as images), and to automate workflows, for example, allowing a form submission to trigger another form to be sent. \cite{DeviceMagic} \begin{figure}[H] \center 
@@ -71,4 +71,4 @@ \end{figure} \subsection{Evaluation and Comparison of Existing Products} - The range of customisations available in Formstack and Device Magic make them a generic solution in comparison to the specialised nature of proposed in this project. CompForge will have a more streamlined interface and method for form creation. Compliance forms have a more straightforward and predictable structure, a fact which was taken advantage of during the design phase (see Chapter 4: Design). \ No newline at end of file + The range of customisations available in Formstack and Device Magic make them a generic solution when compared to the specialised nature proposed in this project. This project will have a more streamlined interface and method for form creation. Compliance forms have a more straightforward and predictable structure, a fact which has been taken advantage of during the design phase (see Chapter 4: Design). \ No newline at end of file diff --git a/report/3_RequirementsAndAnalysis.tex b/report/3_RequirementsAndAnalysis.tex index 46a27ef0a644165e8a45c3e65f3048059ac0b7d4..79e02bf13d8d7d4ae718747a68e33645f480fa03 100644 --- a/report/3_RequirementsAndAnalysis.tex +++ b/report/3_RequirementsAndAnalysis.tex 
@@ -12,26 +12,26 @@ This chapter will analyse the requirements of the proposed application and infor \center \begin{tikzpicture} % components - \umlactor[x=0, y=0, scale=2]{user} + \umlactor[x=0, y=0, scale=2]{User} \umlusecase[x=-3, y=3, scale=1.25, name=register]{Register} \umlusecase[x=-5, y=1.5, scale=1.25, name=signIn]{Sign In} \umlusecase[x=-6, y=0, scale=1.25, name=signOut]{Sign Out} \umlusecase[x=-5, y=-1.5, scale=1.25, name=createForm]{Create Form} - \umlusecase[x=-3, y=-3, scale=1.25, name=viewForms]{View Forms} + \umlusecase[x=-3, y=-3, scale=1.25, name=viewForms]{View Form} \umlusecase[x=3, y=3, scale=1.25, name=shareForm]{Share Form} \umlusecase[x=5, y=1.5, scale=1.25, name=editForm]{Edit Form} \umlusecase[x=6, y=0, scale=1.25, name=deleteForm]{Delete Form} \umlusecase[x=5, y=-1.5, scale=1.25, name=submitForm]{Submit Form} \umlusecase[x=3, y=-3, scale=1.25, name=addPartner]{Add Partner} % connections - \umlinherit{user}{register} - \umlinherit{user}{signIn} - \umlinherit{user}{addPartner} - \umlinherit{user}{createForm} - \umlinherit{user}{shareForm} - \umlinherit{user}{viewForms} - \umlinherit{user}{submitForm} - \umlinherit{user}{signOut} + \umlinherit{User}{register} + \umlinherit{User}{signIn} + \umlinherit{User}{addPartner} + \umlinherit{User}{createForm} + \umlinherit{User}{shareForm} + \umlinherit{User}{viewForms} + \umlinherit{User}{submitForm} + \umlinherit{User}{signOut} \end{tikzpicture} \caption{Use Case Diagram 1} \end{figure} 
@@ -75,7 +75,7 @@ This chapter will analyse the requirements of the proposed application and infor Use Case & Description\\ \hline \hline - Display forms & \makecell{A list of forms created by and shared with the user\\will be displayed, with the form's name, owner and\\date it was created.}\\ + Display forms & \makecell{A list of forms created by the user and form shared\\with them by other users will be displayed, with the\\form's name, owner and date it was created.}\\ \hline Create form button & \makecell{Takes the user to a page where they can enter the\\questions and possible responses for a new form.}\\ \hline @@ -85,7 +85,7 @@ This chapter will analyse the requirements of the proposed application and infor \hline Edit form button & \makecell{Allows the user to change the questions and/or\\responses of a form.}\\ \hline - Delete form button & \makecell{Allows the user to permanently delete forms (only\\forms that they have created).}\\ + Delete form button & \makecell{Allows the user to permanently delete forms (but\\only forms that they have created).}\\ \hline Add partner button & \makecell{Allows the user to search for other users' accounts\\and add them as partners.}\\ \hline @@ -112,9 +112,9 @@ This chapter will analyse the requirements of the proposed application and infor \hline Sign out & Users will be able to sign out of the application.\\ \hline - Create a form & \makecell{Users will be able to create a new form, which will be saved to\\their account.}\\ + Create a form & \makecell{Users will be able to create a new form which will be saved to\\their account.}\\ \hline - View a form & \makecell{Users will be able to view created forms, including questions\\and possible responses.}\\ + View a form & \makecell{Users will be able to view created forms including questions\\and possible responses.}\\ \hline Share a form & \makecell{Users will be able to share a form that they have created with\\a partner.}\\ \hline 
@@ -124,20 +124,20 @@ This chapter will analyse the requirements of the proposed application and infor \hline Submit a form & \makecell{Users will be able to complete and submit responses for each form\\back to the form's author.}\\ \hline - Add a partner & \makecell{Users will be able to view and edit their account information,\\including; name, email, company and password (not viewable).}\\ + Add a partner & \makecell{Users will be able to view and edit their account information\\including name, email, company and password (latter not viewable).}\\ \hline \end{tabular} \caption{Functional Requirements} \end{table} \subsection{Functional Requirements Analysis} - An importance level has been assigned to each of the functional requirements, in order to effectively plan the work to be done in order to create the minimum viable product. An additional table shows how the importance levels have been determined.\\ + An importance level has been assigned to each of the functional requirements, in order to effectively plan the work to be done in order to create the minimum viable product. An additional table shows how the importance levels have been determined for each requirement.\\ \begin{table}[H] \centering \begin{tabular}{|c||c|c|c|c|c|} \hline - Complexity/Time & Low & Medium & High\\ + Time\textbackslash Complexity & Low & Medium & High\\ \hline \hline Short & \cellcolor{Green}0.0625 & \cellcolor{Green}0.125 & \cellcolor{Yellow}0.25\\ @@ -183,7 +183,7 @@ This chapter will analyse the requirements of the proposed application and infor \section{Non-Functional Requirements} - Non-functional requirements are high-level requirements, that need to be considered during the development decisions for the entire application.\\ + Non-functional requirements are high-level requirements that need to be considered during the development decisions for the entire application.\\ \begin{table}[H] \centering 
@@ -212,7 +212,7 @@ This chapter will analyse the requirements of the proposed application and infor \centering \begin{tabular}{|c||c|c|c|c|c|} \hline - Consequence/Likelihood & Negligible & Minor & Moderate & Major & Catastrophic\\ + Probability\textbackslash Consequence & Negligible & Minor & Moderate & Major & Catastrophic\\ \hline \hline Impossible & \cellcolor{Green}0 & \cellcolor{Green}0 & \cellcolor{Green}0 & \cellcolor{Green}0 & \cellcolor{Green}0\\ @@ -235,7 +235,7 @@ This chapter will analyse the requirements of the proposed application and infor \centering \begin{tabular}{|c|c|c|c|c|c|} \hline - Risk & Likelihood & Consequence & \makecell{Risk\\Rating} & Mitigation\\ + Risk & Probability & Consequence & \makecell{Risk\\Rating} & Mitigation\\ \hline \hline \makecell{Network\\loss} & High & Minor & \cellcolor{Green}0.1875 & Frequent update of database.\\ @@ -244,9 +244,9 @@ This chapter will analyse the requirements of the proposed application and infor \hline \makecell{Security\\breach} & Medium & Catastrophic & \cellcolor{Yellow}0.5 & \makecell{Follow good practice for secure\\development of cloud applications.}\\ \hline - \makecell{Function\\error} & High & Major & \cellcolor{Red}0.5625 & \makecell{Implementation of test\\framework to ensure application\\is fully functional.}\\ + \makecell{Function\\error} & High & Major & \cellcolor{Red}0.5625 & \makecell{Implementation of test\\framework to ensure application\\is fully functional and error free.}\\ \hline - \makecell{Interface\\error} & High & Major & \cellcolor{Red}0.5625 & \makecell{Implementation of test\\framework to ensure application\\is fully functional.}\\ + \makecell{Interface\\error} & High & Major & \cellcolor{Red}0.5625 & \makecell{Implementation of test\\framework to ensure application\\is fully functional and error free.}\\ \hline \end{tabular} \caption{Risk Analysis} 
@@ -325,7 +325,7 @@ This chapter will analyse the requirements of the proposed application and infor \node [entry] (start) {}; \node [block, right of=start] (displayDashboard) {Display Dashboard}; \node [block, right of=displayDashboard] (clickCreate) {User clicks \textquotedblleft Create new form\textquotedblright\ button}; - \node [block, below of=clickCreate] (enterFormDetails) {user enters form questions and possible responses}; + \node [block, below of=clickCreate] (enterFormDetails) {User enters form questions and possible responses}; \node [block, left of=enterFormDetails] (clickSubmit) {User clicks \textquotedblleft Submit\textquotedblright\ button}; \node [database, left of=clickSubmit] (dataStored) {Form data stored in database}; \node [block, below of=dataStored] (displayDashboard2) {Display Dashboard with new form}; @@ -347,7 +347,7 @@ This chapter will analyse the requirements of the proposed application and infor \node [entry] (start) {}; \node [block, right of=start] (displayDashboard) {Display Dashboard}; \node [block, right of=displayDashboard] (clickShare) {User clicks \textquotedblleft Share form\textquotedblright\ button}; - \node [block, below of=clickCreate] (selectPartners) {User selects one or more of their partner from a list}; + \node [block, below of=clickCreate] (selectPartners) {User selects one or more of their partners from a list}; \node [block, left of=enterFormDetails] (clickSubmit) {User clicks \textquotedblleft Submit\textquotedblright\ button}; \node [database, left of=clickSubmit] (dataUpdated) {Database updated, forms appear in partners' dashboards}; \node [block, below of=dataUpdated] (displayDashboard2) {Display Dashboard}; diff --git a/report/4_Design.tex b/report/4_Design.tex index 696f3a84577c8cf964e2d804a949e85fb45cb22d..764afe0d4acb921ebe6a501d94befad74b2994cd 100644 --- a/report/4_Design.tex +++ b/report/4_Design.tex 
@@ -18,13 +18,13 @@ The design of the web application will be based on the requirements established \begin{itemize} \item - Alan is a 35-year-old head of IT at a small company. He is very capable when it comes to maintaining the company's network and cyber security, but does not know anything about the level of security at other organisations in his company's supply chain. He knows that those organisations could be compromised and used as an attack vector to infiltrate the company network and steal valuable data or do other serious harm. + Alan is a 35-year-old head of IT at a small company. He is very capable when it comes to maintaining the company's network and cyber security but does not know anything about the level of security at other organisations in his company's supply chain. He is aware that those organisations could be compromised and used as an attack vector to infiltrate the company network and steal valuable data or do other serious harm. \item Emily is a 22-year-old computer science graduate, tasked with producing some cyber security best practices for her company to follow, in order for it to fend off the basic attacks that could be carried out by an unskilled individual. She knows about cyber security best practices from some of her modules at university but is not sure where to start with producing compliance forms for her company to follow. \item - Bob is a 57-year-old systems administrator at a medium sized company that has just undergone a merger with another firm. He is tasked with combining the cyber security compliance standards that both old companies were using into a single standard for the new company to follow. + Bob is a 57-year-old systems administrator at a medium sized company that has just undergone a merger with another firm. He is tasked with combining the cyber security compliance standards that both former companies were using into a single standard for the new company to follow. \end{itemize} 
@@ -47,7 +47,7 @@ The design of the web application will be based on the requirements established \section{Material-UI} - Material-UI is a popular React UI framework for faster and easier web development. It has a massive suite of components that help with building a fully customisable UI, it is incredibly well documented, and it receives regular monthly updates from its developers. For these reasons, Material-UI has been used for many of the components in the project in order to increase development speed. + Material-UI is a popular React UI framework for faster and easier web development. It has a massive suite of components that help with building a fully customisable UI. It is incredibly well documented, and receives regular monthly updates from its developers. For these reasons, Material-UI has been used for many of the components in this project in order to increase development speed. \section{Minimum Viable Product} diff --git a/report/5_Implementation.tex b/report/5_Implementation.tex index eb96220586e197fd768e33d5da4aaebe401a4338..073e263fbf563c75d25aaf7626f0dcd673697f3b 100644 --- a/report/5_Implementation.tex +++ b/report/5_Implementation.tex 
@@ -4,14 +4,14 @@ \chapter{IMPLEMENTATION} \section{Project Development Objective} - The objective of this project was to produce a web application that would allow an organisation to create, store and share and submit completed compliance forms, in order to reduce the cost of tracking and maintaining compliance to any cyber security standard. + The objective of this project was to produce a web application that would allow an organisation to create, store, share and submit completed compliance forms in order to reduce the cost of tracking and maintaining compliance to any cyber security standard. \subsection{Functionality} - The application, called CompForge, allows a user to create custom compliance forms, which are stored on a serverless database, hosted on Google Firebase. These forms can be shared with partners - other users that are added in a similar fashion to friends or followers on social media. When a form is shared with a partner, that partner can complete and return it to the original user, with their given responses to each question. + The application, called CompForge, allows a user to create custom compliance forms, which are stored on a serverless database and hosted on Google Firebase. These forms can be shared with partners, that is other users that are added in a similar fashion to friends or followers on social media. When a form is shared with a partner, that partner can complete and return it to the original user with their given responses to each question. \section{Technologies} - The implementation of a variety of different features was required to complete the application and this required the employment of a number of different technologies. Requirements included a fast and flexible frontend framework to reduce loading times and adapt quickly to changes from the backend, a real-time database to send those changes to the frontend, and good out-of-the-box security. 
+ The implementation of a variety of different features was required to complete the application and this entailed the employment of a number of different technologies. Requirements included a fast and flexible frontend framework to reduce loading times and adapt quickly to changes from the backend, a real-time database to send those changes to the frontend, and good out-of-the-box security. \begin{table}[H] \centering 
@@ -60,38 +60,38 @@ \end{table} \subsection{React} - React is a JavaScript library specialising in the development of user interfaces, developed and maintained by Facebook. \cite{React} React was chosen as the medium for the frontend due to it's manipulation of the virtual DOM, which reduces loading times; reusable components to increase development speed, and built-in defence against Cross Site Scripting attacks. Given that the core of the application involves user inputting data to forms, the latter is especially important. + React is a JavaScript library specialising in the development of user interfaces, developed and maintained by Facebook. \cite{React} React was chosen as the medium for the frontend due to its manipulation of the virtual DOM which reduces loading times, its reusable components to increase development speed, and its built-in defence against Cross Site Scripting attacks. Given that the core of the application involves user inputting data to forms, the latter is especially important. \subsubsection{Redux/Thunk} - Redux was utilised to manage the state of the application, including the user's data, and whether they are authenticated. Redux imposes certain restrictions when it comes to state management, increasing a developer's control over how and when the state can be updated. + Redux was utilised to manage the state of the application, including the user's data and whether they are authenticated. Redux imposes certain restrictions when it comes to state management, increasing a developer's control over how and when the state can be updated. - To change the application's state, you need to dispatch an action (a JavaScript object). The action and the application's current state are passed into a JavaScript function, called a reducer. A reducer takes these two parameters and returns the new state of the application. 
Usually the state of an application will be quite large, so instead of managing the entire state with a single reducer, multiple reducers are written to manage different parts of the state. + To change the application's state, you need to dispatch an action (a JavaScript object). The action and the application's current state are passed into a JavaScript function, called a reducer. A reducer takes these two parameters and returns the new state of the application. Usually the state of an application will be quite large so instead of managing the entire state with a single reducer, multiple reducers are written to manage different parts of the state. - Thunk allows asynchronous logic to interact with the state. It was used in CompForge to do ... + Thunk allows asynchronous logic to interact with the state. It was used in CompForge to do ... TODO \subsubsection{Code Structure} - The structure of the React frontend is heavily influenced by create-react-app - a tool used in this project to get a head start on the setup and configuration of the frontend application. Since there is no recommended way to structure React projects, my opinion on the best way to do this for the remainder source code was to group by page, thereby simplifying the process of finding and editing related components. + The structure of the React frontend is heavily influenced by create-react-app - a tool used in this instance to get a head start on the setup and configuration of the frontend application. Since there is no recommended way to structure React projects, I decided that the best method for the remainder source code was to group by their type (components, reducers and actions) thereby simplifying the process of finding and editing related components. \subsubsection{Single Page Application and Routing} - Another reason for using the create-react-app tool is that it initialises the application as a single-page application (SPA), which further reduces the loading time for users. 
As an SPA, the entire frontend is loaded when the user enters the application, and it is not necessary to load anything further, even when navigating the app. From there all the routing between the different pages is done by React Router, a library of React components that are used to navigate between pages in an SPA. However, everything in React is a component, including the \textquoteleft pages\textquoteright, and so the beauty of React Router is that it allows redirection between components, and as such, will only need to re-render the relevant component(s) that are being loaded to the screen, as opposed to the entire page. + Another reason for using the create-react-app tool, is that it initialises the application as a single-page application (SPA), which further reduces the loading time for users. As an SPA, the entire frontend is loaded when the user enters the application and it is not necessary to load anything further, even when navigating the app. From there, all the routing between the different pages is done by React Router, a library of React components that are used to navigate between pages in an SPA. However as everything in React is a component, including the \textquoteleft pages\textquoteright, the advantage of React Router is that it allows redirection between components, and as such, will only need to re-render the relevant component(s) that are being loaded to the screen, as opposed to the entire page. \subsubsection{Node.js} Node is a free cross platform open source server environment that runs JavaScript. It was used in this project as a local testing environment as it allows the React project to run on a local development server. Node also manages a range of modules that the project was dependent on, including Material-UI, and the Firebase CLI. \subsection{Google Firebase} - Firebase is Google's mobile application development platform. 
\cite{Firebase} It is used by many large applications such as Lyft, Venmo and Trivago for its multitude of services including hosting, authentication, database, storage, and functions. + Firebase is Google's mobile application development platform. \cite{Firebase} It is used by many large applications such as Lyft, Venmo and Trivago for its multitude of services including hosting, authentication, database, storage and functions. \subsubsection{Firestore} - The benefit of using Firebase's database (called Firestore) is that data sent to the database is immediately forwarded on to relevant interested instances of the application, so changes made by one user can update another user in close to real time. In addition, you can add multiple apps to the service and they will all share the same database, making maintaining the application across multiple platforms, like Web, iOS and Android far easier, however, this project is only a web application. + The benefit of using Firebase's database (known as Firestore) is that data sent to the database is immediately forwarded on to relevant interested instances of the application so changes made by one user can update another user in close to real time. In addition, you can add multiple apps to the service and they will all share the same database making maintaining the application across multiple platforms, like Web, iOS and Android far easier. \subsubsection{Serverless Architecture} - Serverless architecture is the model Firebase uses as its platform. It is not, in fact, serverless as the name suggests. It simply means that the need for server software and hardware management by the developer is erased, because the infrastructure is provided by a host, like Firebase. This allows for improved scalability for hosted applications. + Serverless architecture is the model Firebase uses as its platform. It is not, in fact, serverless as the name suggests. 
It simply means that the need for server software and hardware management by the developer is erased because the infrastructure is provided by a host, like Firebase. This allows for improved scalability for hosted applications. \section{Progression} - This section describes the progression of the implementation during each sprint. The original plan for these sprints is laid out in chapter 8. Much of the implementation took longer than expected due to the fact it was the first time many of the technologies were being used, resulting in a steep learning curve for myself. + This section describes the progression of the implementation during each sprint. The original plan for these sprints is laid out in chapter 8. Much of the implementation took longer than expected due to the fact it was the first time many of the technologies were being used, resulting in a steep learning curve. \subsection{Sprint 1} - The implementation started with the installation and running of create-react-app to kickstart frontend development. From there Material-UI components were used and tweaked alongside custom code to construct the \textquotedblleft Dashboard\textquotedblright\, and \textquotedblleft Create a Form\textquotedblright\ pages. Below is a screenshot of an early iteration of the dashboard. + The implementation started with the installation and running of create-react-app to kickstart frontend development. From there, Material-UI components were used and tweaked alongside custom code to construct the \textquotedblleft Dashboard\textquotedblright\, and \textquotedblleft Create a Form\textquotedblright\ pages. Below is a screenshot of an early iteration of the dashboard. \begin{figure}[H] \center 
@@ -100,7 +100,7 @@ \end{figure} \subsection{Sprint 2} - A \textquoteleft Compforge\textquoteright\ project was created on Firebase. Some configuration in the React code ws needed to connect to the project's Firestore. In addition, a lot of work was done to implement the Redux/Thunk reducers and actions needed to store and manipulate the state of the application. + A \textquoteleft Compforge\textquoteright\ project was created on Firebase. Some configuration in the React code was needed to connect to the project's Firestore. In addition, a considerable amount of work was done to implement the Redux/Thunk reducers and actions needed to store and manipulate the state of the application. \begin{figure}[H] \center 
@@ -112,10 +112,10 @@ With the basics finished, the next step was to set up authentication and user accounts, implemented using Firebase Authentication. For simplicity, I only configured sign ups by email, though it is possible to set up authentication via many other methods in Firebase namely; phone number, Google, Facebook, Twitter, GitHub, Yahoo, Microsoft and Apple accounts. Once accounts and authentication were completed, the frontend needed a \textquoteleft Sign up\textquoteright\ and \textquoteleft Sign in\textquoteright\ page. Using a Material-UI template, some configuration of the React code, as well as adjustments to the routing, the ability to sign up, sign in and sign out was added to the web app. \subsection{Sprint 4} - After user accounts had been set up, the had been to implement the partner system. However, due to time constraints (discussed further in Chapter 7: Evaluation) this requirement was removed. Instead work focused on finishing the MVP; saving forms from the form creation page to Firestore, and the ability to share forms direct to users via their email addresses. + After user accounts had been set up, the intention had been to implement the partner system. However, due to time constraints (discussed further in Chapter 7: Evaluation) this requirement was removed. Instead work focused on finishing the MVP; saving forms from the form creation page to Firestore, and the ability to share forms direct to users via their email addresses. \subsection{Sprint 5} - The final requirements were for a user to create submissions for forms that are shared with them, and to view forms and submissions. After creating a frontend page for completing and submitting a form, and adding it to the routing, the submissions were stored in Firestore in their own collection. + The final requirements were for a user to create submissions for forms that are shared with them and to view forms and submissions. 
After creating a frontend page for completing and submitting a form, and adding it to the routing, the submissions were stored in Firestore in their own collection. \subsection{Sprint 6} Refinements to the UI were made to improve the user experience, including changes to the columns shown on the form table on the dashboard. Some compiler warnings were also cleared and links between the \textquotedblleft sign in\textquotedblright\ and \textquotedblleft sign up\textquotedblright\ pages were created. \ No newline at end of file diff --git a/report/6_TestingAndSoftwareValidation.tex b/report/6_TestingAndSoftwareValidation.tex index 18b675af359ff335184501277614f68e59e0f961..8d06eb74b7e60570cdc7d286bb5abc0c94784ccc 100644 --- a/report/6_TestingAndSoftwareValidation.tex +++ b/report/6_TestingAndSoftwareValidation.tex @@ -6,7 +6,7 @@ Verification and validation are essential parts of any software project. Consequently, multiple different methods for testing the application have been employed to confirm that the application is fully functional and robust, from manual and automated to user and requirements testing. \section{Verification} - Verification tests have been carried to make sure that all functionality has been implemented in the project to meet the requirements of the target users. + Verification tests have been carried out to make sure that all functionality has been implemented in the project to meet the requirements of the target users. \subsection{Requirements testing} 
@@ -17,7 +17,7 @@ Requirement & Expectation & Outcome & Result\\ \hline \hline - \makecell{Register} & \makecell{Use email address to\\create an account} & \makecell{Users are able to use their\\email address to create a\\persistent account} & \cellcolor{green}\checkmark\\ + \makecell{Register} & \makecell{Use email address to\\create an account} & \makecell{Users are able to use their\\email address to create an\\account} & \cellcolor{green}\checkmark\\ \hline \makecell{Sign in} & \makecell{Use email address and\\password created at sign\\up to sign in} & \makecell{Users are able to login} & \cellcolor{green}\checkmark\\ \hline 
@@ -27,13 +27,13 @@ \hline \makecell{View Form} & \makecell{View created forms} & \makecell{Users can view their own\\forms and those of other\\users that have been shared\\with them.} & \cellcolor{green}\checkmark\\ \hline - \makecell{Share Form} & \makecell{Share a form created\\by the user with\\another user} & \makecell{Sharing a form with\\another user allows that\\ user to view, fill out and\\return a form submission} & \cellcolor{green}\checkmark\\ + \makecell{Share Form} & \makecell{Share a form created\\by the user, with\\another user} & \makecell{Sharing a form with\\another user allows that\\ user to view, fill out and\\return a form submission} & \cellcolor{green}\checkmark\\ \hline \makecell{Edit Form} & \makecell{Edit the questions and\\responses of created forms.} & \makecell{Requirement dropped due\\to time constraints as it\\was not a part of the MVP.} & \cellcolor{red}\texttimes\\ \hline \makecell{Delete Form} & \makecell{Delete a form created\\by the user} & \makecell{Deleting a form that\\was originally created by\\that user. Unable to\\delete forms created\\by other users} & \cellcolor{green}\checkmark\\ \hline - \makecell{Form Submission} & \makecell{To return a user's responses\\to a form to its author} & \makecell{Users can select responses\\for each form's questions\\and submit their responses\\to the form's author} & \cellcolor{green}\checkmark\\ + \makecell{Form Submission} & \makecell{To return a partner's responses\\to a form to the user} & \makecell{Users can select responses\\for each form's questions\\and submit their responses\\to the form's author} & \cellcolor{green}\checkmark\\ \hline \makecell{Add Partner} & \makecell{To search and add another\\user as a partner} & \makecell{Requirement dropped due\\to time constraints as it\\was not a part of the MVP.} & \cellcolor{red}\texttimes\\ \hline 
@@ -61,7 +61,7 @@ \end{itemize} \subsection{Robot Framework} - The testing and validation of the application was done using Robot Framework. Robot Framework is a generic, open source, automation framework for acceptance testing \cite{Robot}, developed with Python. The framework has many libraries that extend its functionality, and one such library is Selenium, which was used extensively to automatically drive the application's user interface. + The testing and validation of the application was done using Robot Framework. Robot Framework is a generic, open source, automation framework for acceptance testing \cite{Robot}, developed with Python. The framework has many libraries that extend its functionality, and one such library is Selenium which was used extensively to automatically drive the application's user interface. \subsubsection{Integration} TODO: diff --git a/report/7_Evaluation.tex b/report/7_Evaluation.tex index 8cf30673c1ca7b652b7b1d9b4b6e59f71587f874..250bed6636fdb5425f641132b14cc1ce5d10fe80 100644 --- a/report/7_Evaluation.tex +++ b/report/7_Evaluation.tex 
@@ -3,12 +3,12 @@ %% ---------------------------------------------------------------- \chapter{EVALUATION} -This chapter will evaluate the project by critical evaluation and will discuss the results of the requirements testing, taking into consideration issues that were faced during implementation. +This chapter will appraise the quality of the project by critical evaluation and discuss the results of the requirements testing taking into consideration issues that were encountered during implementation. \section{Critical Evaluation} While React was a good choice from a development and maintenance point of view, it would probably have been more prudent to use a language/library/framework with which I was already more familiar. Whilst a great deal was learned from the implementation of this project, it was significantly delayed - in part due to the time required to learn how to properly use the React library, including React Router and Redux/Thunk. - With regard to the outcome of the project versus the initial functional requirements, the project is functional because all of the components identified as the MVP have been implemented, however with the obvious downfall that some features, namely adding partners and editing forms, were not implemented which was disappointing, albeit unavoidable, given the delays. + With regard to the outcome of the project versus the initial functional requirements, the project is functional because all of the components identified as the MVP have been implemented. However with the obvious downfall that some features, namely adding partners and editing forms, were not implemented which was disappointing, albeit unavoidable, given the delays. \section{Project Management} diff --git a/report/8_Conclusions.tex b/report/8_Conclusions.tex index 3c2a1d1b9330e401fa25a6b57de12f77fa29917f..977b72d2f6e05863676e6b74fe7a80b12554d02f 100644 --- a/report/8_Conclusions.tex +++ b/report/8_Conclusions.tex 
@@ -3,24 +3,24 @@ %% ---------------------------------------------------------------- \chapter{CONCLUSION} \label{Chapter: Conclusions} -This project aimed to enable SMEs to create and customise their own compliance forms in order to stay up to date with the latest cyber security standards, as well as ensure that their partner organisations and other organisations in their supply chain are keeping to those same standards. CompForge has lowered the time and cost required to perform these tasks, with a user-friendly UI and real time updates from the application's Firestore database. +This project aimed to enable SMEs to create and customise their own compliance forms in order to stay up to date with the latest cyber security standards, as well as ensure that their partner organisations and other organisations in their supply chain are keeping to those same standards in an economically efficient way. CompForge has lowered the time and cost required to perform these tasks, with a user-friendly UI and real time updates from the application's Firestore database. \section{Improvements} After evaluating the application and comparing it to competitors, a number of improvements that could be made have come to mind. - The ability to edit forms that have already been created, would be a useful tool in case a mistake is found, or an update is required. This is to be expected in the continuously growing field of cyber security, as doubtless many of the standards that are active today will change with time as technology continues to move forward along with the threats. + The ability to edit forms that have already been created would be a useful tool in case a mistake is found, or an update is required. This is to be expected in the continuously growing field of cyber security, as doubtless many of the standards that are active today will change with time as technology continues to move forward along with the threats. 
- On the same vein, it would be useful to add the ability to share a form with new partners after it has been created. Organisations change and grow, and it could be necessary to share a form with additional organisations. + In the same vein, it would be useful to add the ability to share a form with new partners after it has been created. Organisations change and grow, and it could be necessary to share a form with additional organisations. To save time, another useful feature would be the ability to add partners in a similar way to adding a friend on a social media platform. There would be no need to look up email addresses every time you needed to share a new form with an existing partner. - Finally, the number of forms you can create and share is technically infinite, so a search bar and sorting filter would both be useful additions to the application. + Finally, the number of forms that can be created and shared is technically infinite so a search bar and sorting filter would be useful additions to the application. \section{Future Work} - Further to the above improvements, there are some more major improvements that could be made with future work. + Further to the above enhancements, there are some more major improvements that could be made with future work. - Specifically, a feature that allows a user to export form templates and specific submissions from partners to a particular format. Users may wish to print another user's submission to their form or share a form template with another user. + Specifically, a feature that allows a user to export form templates and specific submissions from partners into a particular format. Users may wish to print another user's submission to their form or share a form template with another user. Conversely, the ability to import existing form templates would allow users to share popular standards such as; ISO/IEC 27001, Cloud Controls Matrix, the Cyber Essentials Scheme, or its progeny, IASME. 
diff --git a/report/master.pdf b/report/master.pdf index 937e19bd8b909e81652b2f0245bf71fe1d58cb36..910b2eb483cc0b29de4f5fa472216cf1bbb6ce1b 100644 Binary files a/report/master.pdf and b/report/master.pdf differ
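Review bot: In the second flowchart hunk of the requirements chapter (`@@ -347`, the "Share form" diagram), the edited `selectPartners` node is still positioned with `below of=clickCreate`, and the following unchanged line uses `left of=enterFormDetails`; neither `clickCreate` nor `enterFormDetails` is defined in this picture, which declares `clickShare` and `selectPartners` instead. If the two flowcharts are separate `tikzpicture` environments this fails with an unknown-shape error, and if they share one picture the boxes land on top of the previous diagram. While touching this line, change it to `below of=clickShare` and the next one to `left of=selectPartners`.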
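Review bot: In the `Functionality` hunk of 5_Implementation.tex (`@@ -4,14`), the rewording "stored on a serverless database and hosted on Google Firebase" changes what is hosted: the original says the database is hosted on Firebase, the new sentence says the forms are. Suggest "stored in a serverless database hosted on Google Firebase". The same line needs a comma after "that is" in "partners, that is, other users that are added".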
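Review bot: The `@@ -60,38` hunk of 5_Implementation.tex commits an unfinished placeholder into the report body: "It was used in CompForge to do ... TODO" in the Redux/Thunk subsection will print verbatim; either complete the sentence or comment it out with `%` until it is written. Two further points in the same hunk: the React paragraph's "built-in defence against Cross Site Scripting attacks" is an overstatement, since React only auto-escapes values rendered through JSX and gives no protection for `dangerouslySetInnerHTML` or attacker-controlled URLs in `href`, so qualify the claim rather than tighten its grammar; and the `Code Structure` paragraph now says files are grouped "by their type (components, reducers and actions)" where it previously said "by page", which is a content change, not copy-editing, so confirm it matches the repository layout (and read "remainder of the source code"). Lastly, in Sprint 1, `\textquotedblright\, and` renders a thin space rather than a comma because `\,` consumes the comma; write `\textquotedblright, and`.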
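Review bot: In the Sprint 4 line of the `@@ -112,10` hunk, "Instead work focused on finishing the MVP; saving forms ... and the ability to share forms" uses a semicolon where a colon introduces the list, and "Instead" wants a following comma. Since this line records sharing "direct to users via their email addresses" as the replacement for the partner system, it would also help to state here how an email address is bound to an account at share time, as that is the only access check the later Share Form and Delete Form test rows rely on.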
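Review bot: In the requirements-testing table hunk (`@@ -27,13` of 6_TestingAndSoftwareValidation.tex), the Form Submission expectation is reworded to "a partner's responses" while the Add Partner row immediately below records the partner system as dropped; "another user's responses to a form to its author" keeps the table consistent with itself. The comma added in "created by the user, with another user" splits the verb from its object and should be dropped.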
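Review bot: In the Robot Framework hunk (`@@ -61,7`), removing the comma before "which" turns a non-restrictive clause into a restrictive one ("Selenium which was used extensively" reads as one Selenium among several); keep "Selenium, which was used extensively". The unchanged context `\subsubsection{Integration} TODO:` two lines later is still empty in the report.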
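Review bot: In the 7_Evaluation.tex hunk (`@@ -3,12`), splitting the long sentence leaves a fragment: "However with the obvious downfall that some features, namely adding partners and editing forms, were not implemented which was disappointing" has no main verb. Suggest "However, it has the obvious downfall that some features, namely adding partners and editing forms, were not implemented, which was disappointing, albeit unavoidable, given the delays."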
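Review bot: In the 8_Conclusions.tex hunk (`@@ -3,24`), "in an economically efficient way" is appended to "keeping to those same standards", so it now modifies the partners' compliance rather than the SME's use of the tool; move it next to "enable SMEs to create and customise their own compliance forms". In the Improvements paragraph, "is technically infinite so a search bar" needs a comma before "so", and the unchanged line "popular standards such as; ISO/IEC 27001" should not have a semicolon after "such as".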
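Review bot: The final hunk commits a rebuilt `report/master.pdf` alongside the `.tex` edits. Generated output churns on every text change and bloats the history as a binary blob; either add the compiled PDF to `.gitignore` and build it in CI or a release step, or keep it out of copy-editing commits like this one.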