Commit 7f92cf7a authored by James D'Alton

merged project goals into introduction

parent 627c28b0
1 merge request: !1 Final report
......@@ -4,14 +4,26 @@
\chapter{INTRODUCTION}
\section{Overview}
Many businesses require their partners to comply with numberous and varied cyber security compliances, of which there are literally hundreds. Cyber supply chain risk management (CSCRM) differs from cyber security, by gaining a higher degree of governance over the company in question, and over its extended enterprise partners, such as all its suppliers and customers. Whereas cyber security only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations. \cite{CSCRM}
Many businesses require their partners to comply with numerous and varied cyber security compliances, of which there are literally hundreds. Cyber supply chain risk management (CSCRM) differs from cyber security, by gaining a higher degree of governance over the company in question, and over its extended enterprise partners, such as all its suppliers and customers. Whereas cyber security only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations. \cite{CSCRM}
Section two will go on to talk about compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses. Section three will look at use cases, requirements, risks and functionality for the proposed application. Section four will give an overview of the work completed so far, and the work remaining.
The following section will give an overview of the project\textquoteright s goals and objectives. The subsequent sections will go on to talk about compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses, use cases, requirements, risks and functionality for the proposed application, followed by the proposed design of the implementation for the application.
\section{Problem}
Keeping track of each company\textquoteright s compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be something a system administrator will be able to do on top of their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
Keeping track of each company\textquoteright s compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be a task a system administrator would be able to perform in addition to their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
An automatically generated cyber security compliance form engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards.
\section{Aim}
An automatically-generated cyber security compliance engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards.
Ultimately, the goal of the project is to enable organisations to maintain and improve their cyber security by adhering to various compliance standards such as the guidelines set out by the UK government's Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials}
\subsection{Research}
A thorough review of relevant literature will be required to fully understand the problem and the existing solutions, if any exist. If they do, an assessment of possible improvements that could be made to those solutions should also be executed. A section detailing the analysis of the requirements for the project will be required to determine and gauge the feasibility and enable the planning and design of the application itself. This should include an assessment of likely risks to the project.
\subsection{Development and Testing}
The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date. To ensure the functionality of all parts of the application, a testing system should also be implemented - set up as continuous integration with regression testing. This software validation should be automated for consistency and to save time.
\subsection{Analysis and Evaluation}
An analysis of the results of the testing and of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code. Furthermore, an evaluation of this project and its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it.
The goal of this project is to create a client-server system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, at a later date. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
\ No newline at end of file
\subsection{Functionality}
The goal of the application is to have a system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, later on. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
\ No newline at end of file
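Review bot: The roadmap sentence in \section{Overview} that begins "The following section will give an overview of the project\textquoteright s goals and objectives" does not match the order in this hunk, where the next section is \section{Problem} and the goals only arrive in \section{Aim} after it; reword it to name the sections in the order they appear. Under \subsection{Development and Testing}, "The implementation of the web application, in a manner which allows for easy maintenance, ..." has no main verb and reads as a fragment now that it stands under its own heading. The paragraph under \section{Aim} still carries the stray comma in "compliance engine, could provide", "UK government's" uses a straight apostrophe where the rest of the chapter uses \textquoteright, and the file still ends without a trailing newline.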
......@@ -4,10 +4,4 @@
\chapter{PROJECT GOALS}
\section{Objectives}
Ultimately, the goal of the project is to enable organisations to maintain and improve their cyber security by adhering to various compliance standards such as the guidelines set out by the UK government's Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials}
\ No newline at end of file
A thorough review of relevant literature will be required to fully understand the problem and the existing solutions, if any exist. If they do, an assessment of possible improvements that could be made to those solutions should also be executed. A section detailing the analysis of the requirements for the project will be required to determine and gauge the feasibility and enable the planning and design of the application itself. This should include an assessment of likely risks to the project.
The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date. To ensure the functionality of all parts of the application, a testing system should also be implemented - set up as continuous integration with regression testing. This software validation should be automated for consistency and to save time.
An analysis of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code. Furthermore, an evaluation of this project and its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it.
\ No newline at end of file
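Review bot: The header `-4,10 +4,4` keeps four lines on the new side of this file, which from the order of the lines looks like \chapter{PROJECT GOALS}, \section{Objectives} and the Cyber Essentials paragraph, so that paragraph would now exist word for word both here and under \section{Aim} in the introduction. Since the commit message says the goals were merged into the introduction, remove the remaining lines as well (or delete the file) so there is one copy to maintain and no leftover chapter heading that could be re-included by accident.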
......@@ -36,10 +36,14 @@
\section{Previous and Similar Work}
TO DO
Below is an evalutation of two examples of other software found during background research for the project. Each have similar functionality to that of this project.
\subsection{Example 1}
TODO
\subsection{Formstack}
Formstack boasts a drag and drop interface to allow quick and easy customisation of a form you create, with various components for different data types and layouts and you can see your changes in real time. The product is aimed at developers and non-technical people, offering a time-saving way to build forms for a wide variety of different functions, including collecting payments, gathering customer data and automating day-to-day tasks.
At the time of writing, the product has multiple pricing tiers, starting from \$19 USD per month with 'Bronze' and ending up at a \$249 USD per month for 'Platinum', which includes \textquotedblleft Advanced data collection features \& priority supprot\textquotedblright. There is also an 'Enterprise' edition, however pricing for that seems to be on a case-by-case basis.
The range of customisations available in Formstack make it a generic solution in comparison to the specialised nature of that proposed in this project, which will have a more streamlined interface and method for form creation. Compliance forms have a more straightforward and predictable structure, a fact which was taken advantage of during the design phase (see Section X).
\subsection{Example 2}
TODO
\ No newline at end of file
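Review bot: The new opening sentence of \section{Previous and Similar Work} promises "two examples", but \subsection{Example 2} still contains only TODO, and the last Formstack paragraph ends with the placeholder "(see Section X)" instead of a \ref to a labelled section; either fill both in or soften the sentence until the second review exists. The pricing figures ("\$19 USD per month", "\$249 USD per month") and the quoted feature text carry no \cite, and "supprot" sits inside the quotation marks, so the typo misquotes the source. Smaller points in the same lines: "evalutation", "Each have" (should be "Each has"), and the straight quotes around 'Bronze', 'Platinum' and 'Enterprise' where the document otherwise uses \textquoteleft and \textquoteright.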
This diff is collapsed.
......@@ -42,7 +42,7 @@
\mainmatter
\include{1_Introduction}
\include{2_ProjectGoals}
% \include{2_ProjectGoals}
\include{3_BackgroundAndLiteratureReview}
\include{4_RequirementsAndAnalysis}
\include{5_Design}
......
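Review bot: The \include{2_ProjectGoals} line is commented out rather than deleted, which leaves a dead line in the main file and keeps the old chapter file one uncomment away from being built again with its duplicated text. If the merge into the introduction is final, delete the line and the file; note also that the remaining includes keep their 3_, 4_ and 5_ filename prefixes, which will no longer match the chapter numbers in the built document, so either renumber the files or accept that the prefixes are only an ordering hint.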