Compliance is an important, expensive, and complex problem to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies or best practices. \cite{ComplianceGovernance} These sets of rules are known as standards. Organisations can be required to take steps to put policies and controls in place that ensure conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats.
\subsection{Compliance in Cyber Security}
Cyber security is the body of technologies, processes, and practices designed to protect networks, computers, programs, and data from attack, damage, or unauthorized access. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. \cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help organisations to achieve compliance with any given standard in a cost-effective manner.
\subsection{Cyber Essentials}
The UK Government worked with a number of other institutions to develop Cyber Essentials, a set of basic standards to help organisations defend themselves from common security threats online. \cite{CyberEssentials} The scheme is designed to prevent unskilled individuals from being able to find basic vulnerabilities in an organisation by providing advice and two different levels of certification: \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. The former is a self-assessment designed to be lightweight and easy to follow, while in the latter, a certification body carries out the verification of the organisation\textquoteright s cyber security, instead of it being done by the company in question.
\section{Crime}
There has been a significant increase in cyber criminal activity in recent years. \cite{GDPR} The methods used by criminals are currently changing as businesses begin to be targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing at a rapid rate, making it increasingly troublesome for regulations and legislation to keep pace, resulting in outdated laws that are often unfit for purpose. \cite{GDPR}
\section{Supply Chains}
Supply chain management is an integrating function with primary responsibility for linking major business functions and business processes within and across companies into a cohesive and high-performing business model. \cite{CSCRM} It includes all logistics management activities as well as manufacturing operations, and it drives coordination of processes and activities within and across marketing, sales, product design, finance, and information technology. \cite{CSCRM}
\subsection{Supply Chain Security}
Supply chain security focuses on the potential threats associated with an organisation\textquoteright s suppliers of goods and services, many of which may have extensive access to resources and assets within the enterprise environment or to an organisation\textquoteright s customer environments - some of which may be sensitive in nature. \cite{CombattingCyberRisks}
\section{Impacts}
Cyber attacks are financially devastating and disruptive to people and businesses. Successful attacks have the potential to expose personal information, leaving the victims of these security breaches vulnerable to fraud. \cite{CyberCrime} Victims are also left vulnerable to further attacks that use the information previously gathered by attackers.
\subsection{The Effect on Business and Loss of Confidence}
According to a survey by Ping Identity (a company that sells a number of cloud and software identity security solutions), 75\% of people stop engaging with a brand online following a data breach, and 59\% said they were not willing to sign up to use an online service or application that had recently experienced a data breach. \cite{ITGovernance} In spite of this, 56\% said they are not willing to pay anything to application or online service providers for added security to protect their personal information. \cite{ITGovernance}
\subsection{Legal Consequences}
GDPR requires proper management of all the personal information held by an organisation. \cite{BusinessInfo} If this information is compromised, and that organisation has neglected to deploy basic security measures, it is possible they will face fines and regulatory sanctions. \cite{BusinessInfo}
\section{Case Study: Pouring Pounds Ltd}
Two cashback sites owned by Pouring Pounds Ltd were found to have leaked two terabytes' worth of personally identifiable information and account data. This was made possible because of an unprotected database, which could be accessed through an exposed port on the company's server. The leak occurred in October 2019 and has affected approximately 3.5 million individuals. \cite{z6mag}
Firebase is Google's mobile application development platform. \cite{Firebase} It is used by many large applications such as Lyft, Venmo and Trivago for its multitude of services including hosting, authentication, database, storage and functions.
\subsubsection{Firestore}
The benefit of using Firebase's database (called Firestore) is that data sent to the database is immediately forwarded on to relevant interested instances of the application, so changes made by one user can update another user in close to real time. In addition, you can add multiple apps to the service and they will all share the same database, making it far easier to maintain the application across multiple platforms, like Web, iOS and Android. This project, however, is only a web application.
\subsubsection{Serverless Architecture}
Serverless architecture is the model Firebase uses as its platform. It is not, in fact, serverless as the name suggests. It simply means that the developer no longer needs to manage server software and hardware, because the infrastructure is provided by a host, like Firebase. This allows for improved scalability for hosted applications.