diff --git a/report/0_Abstract.tex b/report/0_Abstract.tex index a589b1357d2c559ea6151df7cd1d6ae62599bfca..438fe2651a1ed32220357831012cec0932c0e67d 100644 --- a/report/0_Abstract.tex +++ b/report/0_Abstract.tex @@ -1,6 +1,6 @@ \section*{Abstract} -Hundreds of cyber security standards exist, and many businesses require their partner companies and/or members of their supply chain to comply with these various and numerous standards. Given difficulties and expense in tracking such companies' compliance standards without the use of expensive external partners, most companies find this a significant challenge. Time and experience constraints by administrators often prevent such tracking in addition to their normal duties leaving only the cost alternative of a specialist consultant. +Hundreds of cyber security standards exist, and many businesses require their partner companies and/or members of their supply chain to comply with these various and numerous standards. Given the difficulties and expense in tracking such companies' compliance standards without the use of expensive external partners, most companies find this a significant challenge. Time and experience constraints by administrators often prevent such tracking in addition to their normal duties leaving only the cost alternative of a specialist consultant. To address this need, an engine that could automatically generate cyber security compliance forms would provide a low cost, time efficient alternative for businesses that need a flexible and customisable way to track their partners' compliance (or their own compliance) with multiple standards. diff --git a/report/3_RequirementsAndAnalysis.tex b/report/3_RequirementsAndAnalysis.tex index 4b8f11fe883811234dcdabb5b66290112ce19cfd..f5bf91ea719bf43e8d35dab0a69ad45019ec7538 100644 --- a/report/3_RequirementsAndAnalysis.tex +++ b/report/3_RequirementsAndAnalysis.tex 
@@ -200,26 +200,70 @@ This chapter analyses the requirements of the proposed application and informs t \hline Availability & \makecell{The application must always be accessible. Loss of\\availability could lead to users leaving the application for\\ more reliable competitors.}\\ \hline + Ease of use & \makecell{The application must be intuitive to use due to the\\mixed technical skill level of the target users.}\\ + \hline \end{tabular} \caption{Non-Functional Requirements} \end{table} \section{SWOT Analysis} - A Strengths-Weaknesses-Opportunities-Threats or SWOT analysis was established to assess the internal and external factors affecting the project, outlining its potential and actual advantages and impediments. + A Strengths-Weaknesses-Opportunities-Threats or SWOT analysis is a strategic planning tool used to evaluate the internal and external factors affecting the project. \cite{investopedia} \begin{table}[H] \centering \begin{tabular}{|c|c|} \hline - \cellcolor{Green}\makecell{\textbf{Strengths}\\} & \cellcolor{Orange}\makecell{\textbf{Weaknesses}\\}\\ + \cellcolor{Green}\textbf{\underline{Strengths}} & \cellcolor{Orange}\textbf{\underline{Weaknesses}}\\ + \cellcolor{Green}- Intuitive user interface & \cellcolor{Orange}- Rigid format may limit number of users\\ + \cellcolor{Green}- Streamlined form creation & \cellcolor{Orange}- Only designed for compliance forms\\ + \cellcolor{Green}- No need to remember partner emails & \cellcolor{Orange}\\ + \cellcolor{Green}- High degree of control over access & \cellcolor{Orange}\\ \hline - \cellcolor{Cyan}\makecell{\textbf{Opportunities}\\} & \cellcolor{Red}\makecell{\textbf{Threats}\\}\\ + \cellcolor{Cyan}\textbf{\underline{Opportunities}} & \cellcolor{Red}\textbf{\underline{Threats}}\\ + \cellcolor{Cyan}- Could implement searching/sorting & \cellcolor{Red}- Similar apps exist with more customisation\\ + \cellcolor{Cyan}- Could implement import/export & \cellcolor{Red}- The hosting service may start charging\\ \hline 
\end{tabular} \caption{Risk Levels} \end{table} -\section{Muscow Analysis} +\section{MuSCoW Analysis} + MuSCoW analysis is a prioritisation strategy for managing priorities. \cite{AgileBusiness} The four parts are short for \textquoteleft \textbf{must} have\textquoteright, \textquoteleft \textbf{Shoud} have\textquoteright, \textquoteleft \textbf{Could} have \textquoteright and \textquoteleft \textbf{Won't} have (this time)\textquoteright. \cite{AgileBusiness} The technique helps to establish the essential and optional components of a project relative to each other, simplifying the prioritisation process. \cite{AgileBusiness} + + \begin{table}[H] + \centering + \begin{tabular}{|c|c|} + \hline + Requirement & MoSCoW\\ + \hline + \hline + Register & \cellcolor{Green}Must\\ + \hline + Sign In & \cellcolor{Green}Must\\ + \hline + Sign Out & \cellcolor{Green}Must\\ + \hline + Create Form & \cellcolor{Green}Must\\ + \hline + View Form & \cellcolor{Cyan}Should\\ + \hline + Share Form & \cellcolor{Green}Must\\ + \hline + Edit Form & \cellcolor{Orange}Could\\ + \hline + Delete Form & \cellcolor{Cyan}Should\\ + \hline + Submit Form & \cellcolor{Green}Must\\ + \hline + Add Parter & \cellcolor{Cyan}Should\\ + \hline + Notifications & \cellcolor{Red}Won't\\ + \hline + Display Account Info & \cellcolor{Red}Won't\\ + \hline + \end{tabular} + \caption{Risk Levels} + \end{table} \section{Risk Analysis} 
@@ -255,21 +299,52 @@ This chapter analyses the requirements of the proposed application and informs t Risk & Probability & Consequence & \makecell{Risk\\Rating} & Mitigation\\ \hline \hline - \makecell{Network\\loss} & High & Minor & \cellcolor{Green}0.1875 & Frequent update of database.\\ + \makecell{Network\\loss} & High & Minor & \cellcolor{Green}0.1875 & \makecell{Stay up to date on rent\\payments. Keep laptop in a\\protective case.}\\ \hline - \makecell{Data\\loss} & Low & Catastrophic & \cellcolor{Yellow}0.25 & Redundancy within database.\\ + \makecell{Data\\loss} & Low & Catastrophic & \cellcolor{Yellow}0.25 & \makecell{Keep multiple backups of\\project including source code\\and report on GitLab.}\\ \hline - \makecell{Security\\breach} & Medium & Catastrophic & \cellcolor{Yellow}0.5 & \makecell{Follow good practice for secure\\development of cloud applications.}\\ + \makecell{Security\\breach} & Medium & Catastrophic & \cellcolor{Yellow}0.5 & \makecell{Follow good practice for \\secure development of\\cloud applications.}\\ \hline \makecell{Function\\error} & High & Major & \cellcolor{Red}0.5625 & \makecell{Implementation of test\\framework to ensure application\\is fully functional and error free.}\\ \hline \makecell{Interface\\error} & High & Major & \cellcolor{Red}0.5625 & \makecell{Implementation of test\\framework to ensure application\\is fully functional and error free.}\\ \hline + \makecell{Minor\\illness} & High & Moderate & \cellcolor{Yellow}0.375 & \makecell{Maintain healthy diet,\\exercise and hygiene to\\reduce risk of infection.}\\ + \hline + \makecell{Major\\illness} & Low & Catastrophic & \cellcolor{Yellow}0.25 & \makecell{Maintain healthy diet,\\exercise and hygiene to\\reduce risk of infection.}\\ + \hline \end{tabular} \caption{Risk Analysis} \end{table} + \section{Contingency Planning} + This section will establish the steps to take should one of the above identified risk events occur. 
\cite{pmi} These contingencies differ from the listed mitigations as they occur once the risk event has taken place, whereas mitigations occur before a risk event has materialised in an attempt to prevent its occurrence. \cite{pmi} + + \begin{table}[H] + \centering + \begin{tabular}{|c|c|} + \hline + Risk Event & Contingency\\ + \hline + \hline + Network loss & \makecell{Frontend development possible offline using Node. No\\contingency possible for backend due to cloud-based\\nature. Report writing possible as normal. Go to\\library for references}\\ + \hline + Data loss & \makecell{In the event project data such as source code is\\lost, download backups from GitLab}\\ + \hline + Security breach & \makecell{Take application offline. Report any potential\\data loss to affected individuals.}\\ + \hline + Function error & \makecell{Attempt to debug using a combination of logs\\and further testing.}\\ + \hline + Interface error & \makecell{Attempt to debug using a combination of logs\\and further testing.}\\ + \hline + Minor illness & \makecell{Apply for special considerations if illness persists\\for more than a week.}\\ + \hline + Major illness & Apply for special considerations.\\ + \hline + \end{tabular} + \caption{Contingency Planning} + \end{table} \section{Functionality} diff --git a/report/7_Evaluation.tex b/report/7_Evaluation.tex index 6ad8a10897c6a9336c6757a5506b621aac8b4bdf..1cfcdefe8ceb5aa9694f25ac0c814d6f9f09b6a6 100644 --- a/report/7_Evaluation.tex +++ b/report/7_Evaluation.tex 
@@ -6,23 +6,64 @@ This chapter appraises the quality of the project by critical and comparative evaluation, and discusses the results of the requirements testing taking into consideration issues that were encountered during implementation. \section{Critical Evaluation} - While React was a good choice from a development and maintenance viewpoint, it may have been more prudent to use a language/library/framework with which I was more familiar. Whilst a great deal was learned from the implementation of this project, it was significantly delayed - in part due to the time required to learn how to properly use the React library, including React Router and Redux/Thunk. + While React was a good choice from a development and maintenance viewpoint, it may have been more prudent to use a language/library/framework which was more familiar. Whilst a great deal was learned from the implementation of this project, it was significantly delayed - in part due to the time required to learn how to properly use the React library, including React Router and Redux/Thunk. With regard to the outcome of the project versus the initial functional requirements, the project is functional because all of the components identified as the MVP have been implemented. However with the challenge that some features, namely adding partners and editing forms, were not implemented, this was disappointing, albeit unavoidable, given the delays. \section{Comparative Evaluation} - TODO. + This project has been compared to the competitor applications described in chapter 2, Formstack and Device Magic. The metrics for this evaluation are: + + \begin{itemize} + \item Speed and ease of form creation + \item Page loading times + \item Readability of form templates and submissions + \end{itemize} + + Each metric is scored out of 5, with 5 being the best possible score, and 0 representing the worst. 
+ + \begin{table}[H] + \centering + \begin{tabular}{|c|c|c|c|} + \hline + Metric & \cellcolor{Cyan}Compforge & \cellcolor{SeaGreen}Formstack & \cellcolor{SkyBlue}Device Magic\\ + \hline + \hline + How easy is it to create a form? & \cellcolor{Cyan}5 & \cellcolor{SeaGreen}3 & \cellcolor{SkyBlue}4\\ + \hline + How long does it take to create a form? & \cellcolor{Cyan}4 & \cellcolor{SeaGreen}3 & \cellcolor{SkyBlue}4\\ + \hline + \makecell{How long does it take to navigate between\\pages once on the application?} & \cellcolor{Cyan}5 & \cellcolor{SeaGreen}3 & \cellcolor{SkyBlue}4\\ + \hline + \makecell{How well are the form templates and\\submissions formatted?} & \cellcolor{Cyan}3 & \cellcolor{SeaGreen}5 & \cellcolor{SkyBlue}5\\ + \hline + \end{tabular} + \caption{Comparative evaluation against competitor applications} + \end{table} + + It's clear from this evaluation that CompForge has succeeded in surpassing the two competitor applicationss in most areas, but requires improvements to its formatting when viewing the form templates and submissions. \section{Project Management} - Some of the first parts of the project progressed ahead of schedule, such as the creation of the initial Gantt chart. Until the deadline for the progress report in December, the project was continuing to progress on schedule. Understandably, the implementation, testing and final report write up were severely impacted by the university closure from the 23rd March onwards, due to the spread of COVID-19. This, coupled with delays during the implementation caused by an underestimation of the learning curve of the technologies that were used, resulted in much of the remainder of the project being completed behind schedule, and consequent removal of non-essential features from the requirements. TODO mitigation + Some of the first parts of the project progressed ahead of schedule, such as the creation of the initial Gantt chart. 
Until the deadline for the progress report in December, the project was continuing to progress on time. Understandably, the implementation, testing and final report write up were severely impacted by the university closure from the 23rd March onwards, due to the spread of COVID-19. This, coupled with delays during the implementation caused by an underestimation of the learning curve of the technologies that were used, caused a knock on effect, resulting in much of the remainder of the project being completed behind schedule. This risk event was not part of the initial analysis so a new contingency was formulated to mitigate the risk of not completing the project by the deadline. It was decided that some non-essential features would be elimated from the project, and consequently the \textquoteleft Edit Form\textquoteright\ and \textquoteleft Add Partner\textquoteright\ features were removed. This was possible due to the use of Agile in the project management. + + \subsection{Task Breakdown} + The Agile methodology necessitates the breakdown of functional requirements into manageable tasks that can be completed during the course of a single sprint. It was decided sprints would last for four weeks each and the requirements were broken down accordingly. Task management was done using GitLab's issues boards. Each task was added to a board and assigned a milestone. Each milestone represented a component of the project, e.g. the MVP or report. Gitlab utilises the boards to track progress for each milestone, shown in the figure below: + + \begin{figure}[H] + \center + \includegraphics[height=100mm, width=145mm]{../figures/TasksList} + \caption{GitLab Boards Task List} + \end{figure} - \subsection{Agile and Task Breakdowns} - TODO. + \begin{figure}[H] + \center + \includegraphics[height=100mm, width=145mm]{../figures/MilestoneProgress} + \caption{GitLab Boards Milestone Progress} + \end{figure} \subsection{Reflection} - TODO. 
+ This project provided an enjoyable and satisfying learning experience. I gained experience with many new tools such as React and Firebase, and had the opportunity to explore a novel area of cyber security during my research. It was a challenging project to manage - balancing other commitments and workloads often proved difficult, especially after the university closed, but it was interesting to see how the project developed and evolved from its inception. The obstacles I was confronted with forced me to be flexible in my approach to problem solving. Overall, a very positive experience, despite the many challenges. \subsection{Gantt Chart} diff --git a/report/8_Conclusions.tex b/report/8_Conclusions.tex index a54819f8d0ff0e1034cff4762025e83d31a70d9a..2b8d5a0711ef719fb58579de4a61c7621cd1bec1 100644 --- a/report/8_Conclusions.tex +++ b/report/8_Conclusions.tex 
@@ -3,40 +3,54 @@ %% ---------------------------------------------------------------- \chapter{CONCLUSION} \label{Chapter: Conclusions} -This project aimed to enable SMEs to create and customise their own compliance forms to stay up to date with the latest cyber security standards, as well as ensure that their partner organisations and other organisations in their supply chain are keeping to those same standards in a cost effective way. CompForge has lowered the time and cost required to perform these tasks, with a user-friendly UI and real time updates from the application's Firestore database. +This project aimed to enable SMEs to create and customise their own compliance forms to stay up to date with the latest cyber security standards, as well as ensure that their partner organisations in their supply chain are keeping to those same standards in a cost effective manner. \section{Achievement} - TODO + CompForge has achieved its aim by lowering the time and cost required to perform the above tasks, utilising an intuitive user-friendly UI and real time updates from the application's Firestore database. While the creation of such forms is not novel, the speed and ease of producing and sharing them with other users is apparent. With some minor additions the platform could become even more effective. Such additions are outlined in \textquotedblleft Improvements\textquotedblright\ and \textquotedblleft Future Work\textquotedblright\ below. \section{Improvements} - Having evaluated the application in conjunction with competitor applications, a number of improvements that could be made have come to mind. - - \subsection{Missing Requirements} + Having evaluated the application in conjunction with competitor applications, a number of improvements that could be made have come to mind, starting with some the initial requirements that were removed. 
- \subsubsection{Edit Forms} + \begin{description} + \item [Edit Forms] + \end{description} The ability to edit forms that have already been created would be a useful tool in case a mistake is found, or an update is required. This is to be expected in the continuously growing field of cyber security, as doubtless many of the standards that are active today will change with time as technology continues to move forward along with the threats. - \subsubsection{Share Forms} + \begin{description} + \item [Share Forms] + \end{description} In the same vein, it would be useful to add the ability to share a form with new partners after it has been created. Organisations change and grow, and it could be necessary to share a form with additional organisations. - \subsubsection{Add Partners} + \begin{description} + \item [Add Partners] + \end{description} To save time, another useful feature would be the ability to add partners in a similar way to adding a friend on a social media platform. There would be no need to search for email addresses every time they would be needed when sharing a new form with an existing partner. - \subsection{Ability to Search/Sort} + \begin{description} + \item [Ability to Search/Sort Forms] + \end{description} Finally, the number of forms that can be created and shared is technically infinite so a search bar and sorting filter would be useful additions to the application. \section{Future Work} Further to the above enhancements, there are some more major improvements that could be made with future work. - \subsection{Mobile Applications} - As described in Chapter 8, multiple applications can be added to a Firebase project and share the same data. This would allow easy integration of mobile applications on platforms such as iOS or Android. 
- - \subsection{Export Form Templates} + \begin{description} + \item [Export Form Templates] + \end{description} Specifically, a feature that allows a user to export form templates and specific submissions from partners into a particular format. Users may wish to print another user's submission to their form or share a form template with another user. - \subsection{Import Form Templates} - Conversely, the ability to import existing form templates would allow users to share popular standards such as; ISO/IEC 27001, Cloud Controls Matrix, the Cyber Essentials Scheme, or its progeny, IASME. + \begin{description} + \item [Import Form Templates] + \end{description} + Conversely, the ability to import existing form templates would allow users to share popular standards such as; ISO/IEC 27001, Cloud Controls Matrix, the Cyber Essentials Scheme, or its progeny, IASME. The addition of this feature would further enhance the speed at which forms are produced. + + \begin{description} + \item [Mobile Applications] + \end{description} + As described in Chapter 8, multiple applications can be added to a Firebase project and share the same data. This would allow easy integration of a mobile application on platforms such as iOS or Android. - \subsection{Notifications} - Finally, the use of email notifications to notify users when a form has been shared with them, or when a partner has made a submission would be convenient, as it is unlikely a user will have the application open at all times. \ No newline at end of file + \begin{description} + \item [Notifications] + \end{description} + Finally, the use of email notifications to alert users when a form has been shared with them, or when a partner has made a submission would be convenient, as it is unlikely a user will have the application open at all times. Should the mobile application extension also be implemented this would allow for equivalent push notifications to a user's mobile device. \ No newline at end of file 
diff --git a/report/master.bbl b/report/master.bbl index 5c4e8f6eacc8e9fca9702e49635ad136efbc2f1d..f1927e5b901018509be9acf887277d766e1cc6f9 100644 --- a/report/master.bbl +++ b/report/master.bbl @@ -100,8 +100,20 @@ Formstack. [Online]. Available: \url{https://formstack.com/} D.~Magic. [Online]. Available: \url{https://devicemagic.com/} \BIBentrySTDinterwordspacing +\bibitem{AgileBusiness} +A.~B. Consortium, ``Dsdm agile project framework handbook.'' + +\bibitem{pmi} +\BIBentryALTinterwordspacing +J.~F. Heimann, ``Contingency planning as a necessity.'' [Online]. Available: + \url{https://www.pmi.org/learning/library/contingency-planning-necessity-risk-assessment-8898} +\BIBentrySTDinterwordspacing + \bibitem{Personas} -Usability.gov. +\BIBentryALTinterwordspacing +Usability.gov. [Online]. Available: + \url{https://usability.gov/how-to-and-tools/methods/personas.html} +\BIBentrySTDinterwordspacing \bibitem{React} \BIBentryALTinterwordspacing diff --git a/report/master.bib b/report/master.bib index 9e865b6e5d2c587d865ec391d60e5e214253d09a..0ae2b2a65310b9cc2eb7a9c2f689a76f9e3f7357 100644 --- a/report/master.bib +++ b/report/master.bib 
@@ -103,4 +103,25 @@ @misc{Personas, author = {Usability.gov}, - url = {https://usability.gov/how-to-and-tools/methods/personas.html} \ No newline at end of file + url = {https://usability.gov/how-to-and-tools/methods/personas.html} +} + +@misc{SWOT, + author = {Michael Grant}, + title = {Strength, Weakness, Opportunity, and Threat (SWOT) Analysis} + year = {2020}, + url = {https://www.investopedia.com/terms/s/swot.asp} +} + +@misc{AgileBusiness, + author = {Agile Business Consortium}, + title = {DSDM Agile Project Framework Handbook} + url = {https://www.agilebusiness.org/page/ProjectFramework_10_MoSCoWPrioritisation} +} + +@misc{pmi, + author = {Jerry F. Heimann}, + title = {Contingency Planning as a Necessity}, + publisher = {Project Management Institute}, + url = {https://www.pmi.org/learning/library/contingency-planning-necessity-risk-assessment-8898} +} \ No newline at end of file diff --git a/report/master.pdf b/report/master.pdf index 40a0e136bca92fc388fb9402d33f7833e32c82ff..03705c30445ad05bddd2c9a6957637d67c62d1ab 100644 Binary files a/report/master.pdf and b/report/master.pdf differ
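Review bot: in report/3_RequirementsAndAnalysis.tex, hunk @@ -200,26 +200,70 @@, the new SWOT sentence cites \cite{investopedia}, but the entry this patch adds to master.bib is keyed SWOT and the master.bbl hunk adds no matching \bibitem, so nothing added here resolves that citation; use the same key in both places. In the same hunk the section title reads "MuSCoW" while the table header reads "MoSCoW". The expansion has "must" in lower case and "Shoud" misspelled, and there is a stray space before the closing quote in "Could have \textquoteright". The row "Add Parter" should read "Add Partner". The new table also reuses the caption "Risk Levels", which already sits on the SWOT table and describes neither of them.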
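Review bot: in the Risk Analysis table of report/3_RequirementsAndAnalysis.tex, hunk @@ -255,21 +299,52 @@, the rewritten "Network loss" and "Data loss" mitigations now cover only the author's working environment (rent payments, a laptop case, project backups). The removed cells "Frequent update of database" and "Redundancy within database" have no replacement, which leaves loss of the application's stored form data without a mitigation or a contingency. Consider separate rows for project risks and application risks. The data loss mitigation and its contingency both depend on GitLab alone, so a copy held elsewhere would cover losing access to it. The "Security breach" contingency ends at "Take application offline" and notifying individuals; it should also say what happens before the application returns, such as establishing the cause, revoking affected credentials and retaining logs. The "Major illness" mitigation repeats the minor illness text verbatim, and the cells ending "Go to\\library for references" and "download backups from GitLab" lack a closing full stop.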
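Review bot: in report/7_Evaluation.tex, hunk @@ -6,23 +6,64 @@, the comparative table gives scores out of 5 for CompForge, Formstack and Device Magic without saying how they were obtained, yet the paragraph after it opens "It's clear from this evaluation that CompForge has succeeded in surpassing" the competitors. State the method for each metric (page loading times in particular can be measured) or soften the conclusion to match a self-assessed score. Smaller points in the same hunk: the table header has "Compforge" where the text uses "CompForge"; "applicationss" and "elimated" are misspelled; "Gitlab utilises" should match "GitLab" elsewhere; both figure environments use \center where \centering is the declaration intended inside a float; and "shown in the figure below" precedes two figures with no \label, so a \ref to the intended figure would be safer.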
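Review bot: in report/8_Conclusions.tex, hunk @@ -3,40 +3,54 @@, each former heading is now an empty item of the form \begin{description} \item [Edit Forms] \end{description}, with its paragraph left outside the environment. Place the paragraph inside the \item, and group the items of each section in a single description environment, so the label and its text stay together. The new Improvements sentence "starting with some the initial requirements that were removed" is missing "of". It also introduces "Share Forms" as a removed requirement, whereas the Project Management text in 7_Evaluation.tex names only "Edit Form" and "Add Partner" as removed and the MoSCoW table lists "Share Form" as Must; reword so the three accounts agree. The moved Mobile Applications paragraph still says "As described in Chapter 8" from inside 8_Conclusions.tex, so check that number or replace it with a \ref. The file still ends without a trailing newline.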
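Review bot: in report/master.bib, hunk @@ -103,4 +103,25 @@, the SWOT and AgileBusiness entries have no comma after the title field ("title = {Strength, Weakness, Opportunity, and Threat (SWOT) Analysis}" and "title = {DSDM Agile Project Framework Handbook}"), so BibTeX will stop parsing each entry at that point. The regenerated master.bbl is consistent with this, since its AgileBusiness item carries no URL. Add the commas and rebuild. The same .bbl output shows the author rendered as "A.~B. Consortium" and the title as "Dsdm agile project framework handbook". Write the corporate author with double braces, author = {{Agile Business Consortium}}, and protect the acronym as {DSDM}. The key SWOT does not match the \cite{investopedia} used in 3_RequirementsAndAnalysis.tex. The file again ends without a newline. Also, master.bbl and master.pdf are generated outputs, so consider whether they belong in the commit.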