The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date, is essential. To ensure the functionality of all parts of the application, a testing system should also be implemented - set up as continuous integration with regression testing. This software validation should be automated for consistency and to save time.
\subsection{Analysis and Evaluation}
An analysis of the results of the testing and of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code. Furthermore, an evaluation of this project and its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it.
\subsection{Analysis}
An analysis of the results of the testing and of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code.
\subsection{Functionality}
The goal of the application is to have a system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, later on. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
\ No newline at end of file
\subsection{Evaluation}
An evaluation of the whole project including its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it.
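Review bot: The paragraph under \subsection{Analysis and Evaluation} is repeated almost word for word under \subsection{Analysis} and \subsection{Evaluation}, so check that only one of the two forms remains in the file after this change. If the split version is the one kept, the sentence "Finally, a summary of possible future work..." sits under Evaluation although it describes a separate deliverable and could have its own heading. The "\ No newline at end of file" marker after the Functionality paragraph shows one side of the file ending without a trailing newline; end the file with one so later diffs stay clean.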
\section{Functionality}
The goal of the application is to have a system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, later on. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
Compliance is an important, expensive, and complex problem to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies or best practices. \cite{ComplianceGovernance} These sets of rules are known as standards. Organisations can be required to take steps to put policies and controls in place that ensure conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats.
\subsection{Compliance in Cyber Security}
Cyber security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. \cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help to enable organisations to achieve compliance with any given standard in a cost effective manner.
\subsection{Cyber Essentials}
The UK Government worked with a number of other institutions to develop Cyber Essentials, a set of basic standards to help organisations defend themselves from common security threats online. \cite{CyberEssentials} The scheme is designed to prevent unskilled individuals from being able to find basic vulnerabilities in an organisation by providing advice, and two different levels of certification; \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. The former is a self-assessment designed to be light-weight and easy to follow, while in the latter, a certification body carries out the verification of the organisation\textquoteright s cyber security, instead of it being done by the company in question.
\section{Crime}
There has been a significant increase in cyber criminal activity in recent years. \cite{GDPR} The methods used by criminals are currently changing as businesses begin to be targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing at a rapid rate, making it increasingly troublesome for regulations and legislation to keep pace, resulting in outdated laws that are often unfit for purpose. \cite{GDPR}
...
...
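Review bot: The citations in the Compliance, Compliance in Cyber Security and Crime paragraphs are placed after the full stop ("deal with. \cite{ComplianceGovernance}"), which detaches each reference from the sentence it supports; move them inside the sentence, for example "deal with~\cite{ComplianceGovernance}." The Compliance paragraph also follows the Functionality paragraph directly with no heading of its own, so as the lines read here it belongs to \section{Functionality}. In the Crime paragraph, three consecutive sentences cite only GDPR; a single citation placement or an additional source for the growth claims would read better.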
@@ -21,6 +12,15 @@
\subsection{Supply Chain Security}
Supply chain security concentrates on the threats linked to an organisation\textquoteright s suppliers of goods and services, many of which potentially have considerable access to assets belonging to the company or to its customer data. \cite{CombattingCyberRisks}
\section{Compliance}
Compliance is an important, expensive, and complex problem to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies or best practices. \cite{ComplianceGovernance} These sets of rules are known as standards. Organisations can be required to take steps to put policies and controls in place that ensure conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats.
\subsection{Compliance in Cyber Security}
Cyber security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. \cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help to enable organisations to achieve compliance with any given standard in a cost effective manner.
\subsection{Cyber Essentials}
The UK Government worked with a number of other institutions to develop Cyber Essentials, a set of basic standards to help organisations defend themselves from common security threats online. \cite{CyberEssentials} The scheme is designed to prevent unskilled individuals from being able to find basic vulnerabilities in an organisation by providing advice, and two different levels of certification; \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. The former is a self-assessment designed to be light-weight and easy to follow, while in the latter, a certification body carries out the verification of the organisation\textquoteright s cyber security, instead of it being done by the company in question.
\section{Impacts}
Cyber attacks are financially devastating and disrupting to people and businesses. Successful attacks have the potential to expose personal information, leaving the victims of these security breaches vulnerable to fraud. \cite{CyberCrime} Victims are also left vulnerable to further attacks, using the information previously gathered by attackers.
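Review bot: \section{Compliance} is placed between \subsection{Supply Chain Security} and \section{Impacts}, so the Impacts paragraph about cyber attacks no longer follows the threat material it refers to; consider putting Compliance after Impacts or before the threat sections. In the Compliance in Cyber Security paragraph, "unauthorized" uses US spelling while the rest of the text uses UK forms ("organisations"), so pick one. In the Cyber Essentials paragraph, the semicolon in "two different levels of certification; ..." introduces a list and should be a colon.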
The design of the web application will be based on the requirements established in the previous chapter, coupled with standards for user friendly interfaces and the user experience.
\section{Conducting User Research}
In order to design a good user interface, one needs to take into account who the user is and what kind of interface will suit them.
In an SME, any one person could be in charge of compliance, from an employee in IT to someone in an administration role or even the CEO. In light of the fact that the application must allow for both technical and non-technical users, the design must be as accessible as possible. In order to ensure accessibility, the application will be designed with non-technical users in mind, and to that end will also be tested and evaluated by them.
\subsection{Competitor Research}
Existing products have been evaluated in chapter 2. As previously stated, the design of these products is unncessecarily bloated for the purpose of producing cyber security compliance forms. Such products are designed to generate many other form types, whereas this product capitalises on the simple structure of compliance to streamline the design of the tool needed to build them.
\subsection{User Personas}
Creating personas allows the production of dependable, authentic representations of the target user group, in order to perform stakeholder analysis. \cite{Personas}
\begin{itemize}
...
...
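Review bot: "unncessecarily" in the Competitor Research paragraph is misspelled and should read "unnecessarily". The same paragraph hard-codes "chapter 2"; a \label on that chapter with \ref here would keep the reference correct if chapters are reordered. The sentence "In order to ensure accessibility, ... will also be tested and evaluated by them" leaves "them" ambiguous between users in general and non-technical users, so name the group explicitly.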
@@ -32,11 +29,9 @@ The design of the web application will be based on the requirements established
\section{User Flows and Wireframes}
This section will illustrate the flow of the application from beginning to end, similar to the flow charts in chapter 3, but with wireframes representing the UI and how each page will transition to another.
\subsection{Wireframes}% 2D outline of single page
TODO: Sign in / Sign up wireframe
TODO: Dashboard wireframe
...
...
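Review bot: The "TODO: Sign in / Sign up wireframe" and "TODO: Dashboard wireframe" lines under \subsection{Wireframes} are plain body text and will be typeset in the output; make them LaTeX comments or use a todo macro so they cannot reach a submitted build. The sentence above them hard-codes "chapter 3"; use \ref with a \label so the cross-reference survives restructuring.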
@@ -46,16 +41,14 @@ The design of the web application will be based on the requirements established
TODO: Add a Partner wireframe
\subsection{Flow Charts}% Map journey
TODO: Minified versions of the wireframes with arrows and generally flowiness...
\section{Material-UI}
Material-UI is a popular React UI framework for faster and easier web development. It has a massive suite of components that help with building a fully customisable UI, it is incredibly well documented and it receives regular monthly updates from its developers. For these reasons, Material-UI has been used for many of the components in the project in order to increase development speed.
\section{Minimum Viable Product}
\section{Minimum Viable Product}
The Minimum Viable Product (MVP) is the encapsulation of the core features that allow an application to function. While not fully functional, it will have the necessary functionality to allow the application to work at its most basic level, and it provides a solid starting point for a project to work towards.
In the case of CompForge, the core features consist of the ability for a user to create and store a form, and share it with another user. Features like creating persistent accounts, authentication, adding other users as partners were integrated after this first iteration was completed.
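Review bot: \section{Minimum Viable Product} appears on two consecutive lines; if both are present in the resulting file this produces a duplicate, empty section, so confirm only one remains. "CompForge" is used in the last paragraph without being introduced in the visible text, and "creating persistent accounts, authentication, adding other users as partners" is missing an "and" before the final item. The Material-UI paragraph states "regular monthly updates" and "incredibly well documented" without a citation, and the "TODO: Minified versions of the wireframes..." line under Flow Charts is body text that will be typeset as written.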