Higher Nationals

Internal verification of assessment decisions – BTEC (RQF)

INTERNAL VERIFICATION – ASSESSMENT DECISIONS

Programme title BTEC Higher National Diploma in Computing

Assessor Internal Verifier

Unit 6 Managing a Successful Computing Project
Unit(s)
Online Shopping Cart System Project Area: Security
Assignment title

Student’s name
List which assessment Pass Merit Distinction
criteria the Assessor has
awarded.
INTERNAL VERIFIER CHECKLIST
Do the assessment criteria awarded match
those shown in the assignment brief? Y/N

Is the Pass/Merit/Distinctiongrade awarded

justified by the assessor’s comments on the Y/N
student work?

Has the work been assessed

Y/N
accurately?
Is the feedback to the student:
Give details:

• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N

• Identifying opportunities for

improved performance?
Y/N

• Agreeing actions? Y/N

Does the assessment decision need

Y/N
amending?
Assessor signature Date

Internal Verifier signature Date

Programme Leader signature (if
Date
required)

Managing a Successful computing Project pg. 1

 Confirm action completed
Remedial action taken

Give details:

Assessor signature Date

Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)

Managing a Successful computing Project pg. 2

Higher Nationals - Summative Assignment Feedback Form
Student Name/ID

Unit Title Unit 6 Managing a Successful Computing Project

Assignment Number 1 Assessor

Date Received 1st
Submission Date
submission
Date Received 2nd
Re-submission Date
submission
Assessor Feedback:

LO1. Assess risks to IT security

Pass, Merit & Distinction P1 P2 M1 D1
Descripts
LO2. Describe IT security solutions.

Pass, Merit & Distinction P3 P4 M2 D1

Descripts

LO3. Review mechanisms to control organisational IT security.

Pass, Merit & Distinction P5 P6 M3 M4 D2
Descripts

LO4. Create and use a Test Plan to review the performance and design of a multipage website.
Pass, Merit & Distinction P7 P8 M5 D3
Descripts

Grade: Assessor Signature: Date:

Resubmission Feedback:

Grade: Assessor Signature: Date:

Internal Verifier’s Comments:

Signature & Date:

* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and grades decisions have
been agreed at the assessment board.

Managing a Successful computing Project pg. 3

Pearson
Higher Nationals in
Computing
Unit 6: Managing a Successful Computing Project

Managing a Successful computing Project pg. 4

General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use previous page as
your cover sheet and be sure to fill the details correctly.
2. This entire brief should be attached in first before you start answering.
3. All the assignments should prepare using word processing software.
4. All the assignments should print in A4 sized paper, and make sure to only use one side printing.
5. Allow 1” margin on each side of the paper. But on the left side you will need to leave room for binging.

Word Processing Rules

1. Use a font type that will make easy for your examiner to read. The font size should be 12 point, and should
be in the style of Time New Roman.
2. Use 1.5 line word-processing. Left justify all paragraphs.
3. Ensure that all headings are consistent in terms of size and font style.
4. Use footer function on the word processor to insert Your Name, Subject, Assignment No, and Page Number
on each page. This is useful if individual sheets become detached for any reason.
5. Use word processing application spell check and grammar check function to help edit your assignment.

Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.

Managing a Successful computing Project pg. 5

 5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply
(in writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference them,
using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty of
plagiarism.
9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.

Managing a Successful computing Project pg. 6

Student Declaration

I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.

1. I know that plagiarism is a punishable offence because it constitutes theft.

2. I understand the plagiarism and copying policy of the Edexcel UK.
3. I know what the consequences will be if I plagiaries or copy another’s work in any of the assignments for this
program.
4. I declare therefore that all work presented by me for every aspects of my program, will be my own, and
where I have made use of another’s work, I will attribute the source in the correct way.
5. I acknowledge that the attachment of this document signed or not, constitutes a binding agreement between
myself and Edexcel UK.
6. I understand that my assignment will not be considered as submitted if this document is not attached to the
attached.

Student’s Signature: Date:

(Provide E-mail ID) (Provide Submission Date)

Managing a Successful computing Project pg. 7

Assignment Brief
Student Name /ID Number
Unit Number and Title Unit 6: Managing a Successful Computing Project
Academic Year 2017/2018
Unit Tutor
Assignment Title Online Shopping Cart System Project Area
Issue Date
Submission Date
IV Name & Date
Submission Format:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide an end list of references using the Harvard referencing
system.

Unit Learning Outcomes:

LO1 Establish project aims, objectives and timeframes based on the chosen theme.

LO2 Conduct small-scale research, information gathering and data collection to generate knowledge to
support the project.

LO3 Present the project and communicate appropriate recommendations based on meaningful
conclusions drawn from the evidence findings and/or analysis.

LO4 Reflect on the value gained from conducting the project and its usefulness to support sustainable

Managing a Successful computing Project pg. 8

organizational performance.

Assignment Brief and Guidance:

Vulnerability Assessment Case Study for Online Shopping Cart System

A large retail organization maintaining an Online Shopping Cart System, needed to do an in-depth check
on their system security situation and assess their vulnerability to hackers and other threats. They
recruited a trusted IT security advisory team, to handle the assessment and make recommendations of
how to improve their security for Online Shopping Cart. The expected solution of the project is a
vulnerability assessment and action plan which includes. Issues of varying severity were discovered
quickly, and the team notify Online Shopping Cart System management officials so they could take action
immediately, rather than wait for the final report.

 Identified unknown entry points.

 Recommendations for standardization of upcoming infrastructure installations, configurations, and
maintenance.
 Educate and increase user awareness on what they could change to improve their security situation
in order to build confidence of using the shopping cart web system
 An action plan to keep their environment secure.

The IT security advisory team experts test security infrastructure devices, network servers, operational
systems (including Windows and Linux), physical security of buildings, and wireless internet security.
They look at policies, procedures, network entry points, and network infrastructure. The project spanned
06 months in order to provide the Online Shopping Cart System with an accurate snapshot of their current
security posture. The IT security advisory team look for vulnerability trends and recurring issues that
needed attention. This team has a lot of experience working in the Online Shopping Cart System field.
The role as a trusted IT advisory team means that they are not trying to perform a specific solution to any
problem case. We make expert recommendations, based on our proven assessment methodology, that are
in the best interest of the specific project of an Online Shopping Cart Systems IT security.

Assume that you are the Project Manager of the IT security advisory team with 06 members who are
working towards achieving the goal of the Online Shopping Cart Systems Vulnerability Assessment
Project.

The IT security advisory team find issues of varying severity in many areas. As issues were uncovered the
team notified Online Shopping Cart System management officials so they could take action immediately,
rather than wait for the final report. The main problem discovered was that the Online Shopping Cart
System needed a standard way of installing, configuring, and maintaining servers and infrastructure
equipment. With a large organization, this is a common problem, as different department managers and
staff tend to have different ways of managing their IT. Introduction of a set of procedures for the entire
Online Shopping Cart System helps eliminate threats.

Managing a Successful computing Project pg. 9

 The IT security advisory team also discovered unknown entry points – both physical and electronic –
that is threat to the overall confidentiality, integrity, and availability of network data and resources. The
team made recommendations on how to tighten security controls and eliminate unnecessary entry points
that would greatly reduce the threat.

Another benefit was a greater awareness among the entire staff about how any vulnerability or weakness
in any functional area affects the overall security posture of the Online Shopping Cart System at large.
Team gave the Online Shopping Cart System management staff a full report on what we found and helped
to educate their staff on what they could change to improve their security situation. They developed an
action plan for how to keep up with regular assessments to keep their environment secure.

TASK – 01

1.1 Explain the project management process for the above scenario. Identify the aims and objectives
of the above-mentioned project.

1.2 Prepare a comprehensive project management plan with Milestones, that covers the cost
management, scope management, quality management, communication, risk and resources
management for the above scenario.

1.3 Produce a work breakdown structure and draw a Gantt Chart to provide timeframes and stages for
completion.

TASK – 02
2.1 Explain qualitative and quantitative research methods of data collection to support the above
project.

2.2 Perform small-scale research by applying qualitative and quantitative research methods
appropriate for meeting project aims and objectives for the above scenario. Discuss the accuracy
and reliability of different research methods applied.

TASK – 03

3.1 Explain the common data analytical techniques. Analyse the collected data using appropriate tools
and techniques.

3.2 Report appropriate recommendations as a result of research and data analysis to draw valid and
meaningful conclusions.

3.3 Prepare a report to present the result of the above research and data analysis to draw valid and
meaningful conclusions with the appropriate recommendations. Justify the selection of appropriate
tools and techniques for accuracy and authenticity to support and recommendations.

TASK – 04

4.1. Provide a reflection on the value of undertaking the research related to the task1,2 and 3 to

Managing a Successful computing Project pg. 10

 meet stated objectives with your own learning and performance.

Discuss the project outcomes, the decision-making process and changes or developments of the initial
project management plan to support justification of recommendations and learning during the project.

Explain the value gained from conducting the project and its usefulness to support sustainability of
the given organization and its’ performance.

Managing a Successful computing Project pg. 11

Grading Rubric
Grading Criteria Achieved Feedback

LO1 Establish project aims, objectives and timeframes based on the

chosen theme

P1 Devise project aims and objectives for a chosen scenario.

P2 Produce a project management plan that covers aspects of

cost, scope, time, quality, communication, risk and resources.
P3 Produce a work breakdown structure and a Gantt Chart to
provide timeframes and stages for completion.
M1 Produce a comprehensive project management plan, milestone
schedule and project schedule for monitoring and completing the
aims and objectives of the project.
LO2 Conduct small-scale research, information gathering and data
collection to generate knowledge to support the project

P4 Carry out small-scale research by applying qualitative and

quantitative research methods appropriate for meeting project
aims and objectives.

M2 Evaluate the accuracy and reliability of different research

methods applied.

D1 Critically evaluate the project management process and

appropriate research methodologies applied.
LO3 Present the project and communicate appropriate
recommendations based on meaningful conclusions drawn from
the evidence findings and/or analysis

P5 Analyse research and data using appropriate

tools and techniques.

P6 Communicate appropriate recommendations as a

Managing a Successful computing Project pg. 12
result of research and data analysis to draw valid and meaningful
conclusions.
M3 Evaluate the selection of appropriate tools and techniques for
accuracy and authenticity to support and justify recommendations.
LO4 Reflect on the value gained from conducting the project and
its usefulness to support sustainable organisational performance

P7 Reflect on the value of undertaking the research to meet stated

objectives and own learning and performance.

M4 Evaluate the value of the project management process and use of

quality research to meet stated objectives and support own learning
and performance.
D2 Critically evaluate and reflect on the project outcomes, the
decision making process and changes or developments of the initial
project management plan to support justification of
recommendations and learning during the project.

Managing a Successful computing Project pg. 13

Table of Contents

TASK 01...................................................................................................................................14

1.1 Project management process.............................................................................................................14

1.1.1 Project Initiation..............................................................................................................................15

1.1.2. Project Planning.............................................................................................................................15

1.1.3. Project Execution...........................................................................................................................16

1.1.4. Project Monitoring & Controlling..................................................................................................16

1.1.5. Project Closing...............................................................................................................................17

1.1.6 Aims of the project..........................................................................................................................17

1.1.7 Objectives of the project..................................................................................................................17

1.2 Project plan.............................................................................................................................................17

1.1.1 Project plan for security assessment of the Online Shopping System............................................17

1.3 Work breakdown structure and Gantt chart............................................................................................22

1.3.1 Work break down structure.............................................................................................................22

1.3.2 Gantt chart.......................................................................................................................................23

TASK 02...................................................................................................................................24

2.1 Research Methods..................................................................................................................................24

2.1.1 Qualitative Research.......................................................................................................................24

2.1.2 Quantitative research.......................................................................................................................25

2.2 Performing a small-scale research..........................................................................................................25

2.2.1 Accuracy and reliability of research methods.................................................................................26

TASK 03...................................................................................................................................27

3.1 Data analytic techniques.........................................................................................................................27

3.1.1 Analysis of collected data................................................................................................................27

3.2 Recommendations..................................................................................................................................31

Managing a Successful computing Project pg. 14

 3.3 Research report.......................................................................................................................................32

TASK 04...................................................................................................................................33

4.1 Value of undertaking a research to meet the project objectives.............................................................33

4.1.1 Project outcomes.............................................................................................................................34

4.1.2 Decision-making process................................................................................................................34

4.1.3 Value gained from conducting the project.......................................................................................35

References................................................................................................................................37

List of Figures
Figure 1:WBS Source: (Author Develop)........................................................................................................24
Figure 2: Gantt Chart Source: (Author Develop).............................................................................................25
Figure 3: Stats of network security Source: (Author Develop)........................................................................29
Figure 4: Stats of server security Source: (Author Develop)...........................................................................30
Figure 5: Stats of backups Source: (Author Develop).....................................................................................30
Figure 6: Stats of web application security Source: (Author Develop)...........................................................31
Figure 7: Stats of physical security Source: (Author Develop)........................................................................32

List of Tables
Table 1: List of milestones Source: (Author Develop).....................................................................................20
Table 2: Timeline Source: (Author Develop)...................................................................................................20
Table 3: Contact Information Source: (Author Develop).................................................................................21
Table 4: Schedule Source: (Author Develop)...................................................................................................22
Table 5: Risk Management Source: (Author Develop)....................................................................................22
Table 6: Cost Management Source: (Author Develop)....................................................................................23
Table 7: Recommendations Source: (Author Develop)...................................................................................33

Managing a Successful computing Project pg. 15

TASK 01

1.1 Project management process

Project management is one of the critical processes of any project. This is due to the fact that project
management is the central process that connects all other project activities and processes. When it comes to
project management activities, there are many. However, these numerous project management activities can
be classified into five main processes.
The project management process is an administration process for the planning and control of services or the
implementation of a project. This process begins after the approval of the client, is based on the contract and
is aimed at the initial values of the process and the overall management of a project.[ CITATION inl19 \l
1033 ]
The project management process consists of five main steps.
1. Initiation

2. Planning

3. Execution

4. Monitoring & Controlling

5. Closing

1.1.1 Project Initiation

The initiation is the first phase of the project life cycle. This is where the value and viability of the project is
measured. Project managers generally use two evaluation tools to decide whether or not to follow a project:

- Business case document: this document justifies the need for the project and includes an estimate of
possible financial benefits.
- Feasibility study: this is an evaluation of the objectives, schedule and costs of the project to
determine if the project should be executed. Balance the project requirements with the resources
available to see if it makes sense to follow the project.

The teams abandon the proposed projects that are labeled as unprofitable and / or unfeasible. However,
projects that pass these two tests can be assigned to a designated project team or project office.[ CITATION
vil19 \l 1033 ]

Managing a Successful computing Project pg. 16

According to the given project, it is necessary to follow this step. In this step, verify if the required criteria
are met before executing the project. For example, what type of system does the online shopping system
have, what type of test do you need, facilities need to perform security
evaluation, how long will it take to complete the safety assessment? And also the benefits for the company
to carry out this safety assessment.
Then make a document with the above facts and financial requirements for the company.

1.1.2. Project Planning

Once the project receives a green light, it needs a solid plan to guide the team, as well as keep it on time and
on budget. A well-written project plan provides guidance for obtaining resources, acquiring financing and
acquiring the necessary materials. The project plan gives the team the direction to produce quality results,
manage risks, create acceptance, communicate benefits to stakeholders and manage suppliers.
The project plan also prepares teams for the obstacles they may encounter in the course of the project and
helps them understand the cost, scope and term of the project.
According to the company, the safety assessment project should be completed in 6 months. And also on the
approved budget. Therefore, before implementing the project, there should be an appropriate plan to
complete the safety assessment in a timely manner and in compliance with the budget.

1.1.3. Project Execution

This is the phase most often associated with project management. Execution is about creating results that
will satisfy the customer. Team leaders make this possible by allocating resources and focusing team
members on their assigned tasks.
In this project management step, a project manager is typically responsible for:

- Budget management
- Timeline management
- Resource planning
- Change management
- Risk management
- Quality management
- Internal deliverable reviews
- Communications and facilitation
- Meeting management

Managing a Successful computing Project pg. 17

The execution depends strongly on the planning phase. The work and work of the team during the execution
phase are derived from the project plan.[ CITATION tea19 \l 1033 ]
This security assessment conduct on five main assets. Network, Servers, Backup, Web application, Physical
security. These assets are being checked according to the project plan to detect security vulnerabilities in the
online shopping cart system.

1.1.4. Project Monitoring & Controlling

This is about measuring the progression and performance of the project. Project managers want to use key
performance indicators (KPIs) to determine if the project is on its way. A project manager wants to choose
between two and five KPIs to measure project performance:
- Project Objectives: Measuring if a project is on schedule and budget is an indication if the project
will meet stakeholder objectives.
- Quality Deliverables: This determines if specific task deliverables are being met.
- Effort and Cost Tracking: PMs will account for the effort and cost of resources to see if the budget is
on track. This type of tracking informs if a project will meet its completion date based on current
performance.
- Project Performance: This monitors changes in the project. It takes into consideration the amount and
types of issues that arise and how quickly they are addressed. These can occur from unforeseen
hurdles and scope changes.
During this time, project managers may need to adjust schedules and resources to ensure the project is on
track.[ CITATION sma19 \l 1033 ]

1.1.5. Project Closing

Teams complete a project when they hand over the finished project to the client, communicate the deal to the
parties, and share resources with other projects. This crucial step in the project lifecycle enables the team to
evaluate and document the project, and to continue with the previous project failures and successes to build
stronger processes and more successful teams.
Although project management sometimes seems overwhelming, splitting into these five different cycles can
help your team manage the most complex projects and use time and resources wisely.
At this stage project ends by reporting the found security threats/ vulnerabilities in the online shopping
system. And make the final report with financial information and the outcomes of the security assessment.

Managing a Successful computing Project pg. 18

1.1.6 Aims of the project
- Identify unknown entry points.

- Recommendations for standardization of upcoming infrastructure installations, configurations, and

maintenance.

- Educate and increase user awareness on what they could change to improve their security situation in
order to build confidence of using the shopping cart web system

1.1.7 Objectives of the project

- Perform vulnerability test to identify security vulnerabilities

- Provide solutions for the found security threats and for potential threats

- Inform the employees about the actions need in an emergency situation

1.2 Project plan

1.1.1 Project plan for security assessment of the Online Shopping System
A large retail organization that maintains an online shopping cart system had to thoroughly examine its
system security posture and assess its vulnerability to hackers and other threats. They recruited a trusted IT
security consulting team to conduct the assessment and make recommendations for improving their security
for the online shopping cart. The expected solution of the project is a vulnerability assessment and an action
plan that includes: Issues of varying degrees of severity were quickly identified, and the team notified the
people in charge of online shopping cart system management to take immediate action.
Purpose
The purpose of the project is to analyze the Online Shopping Cart system security situation and assess their
vulnerability to hackers and other threats.
Resources
Time – 6 months
Human resources – A team with Project manager and five members
List of milestones

Task/Milestone Description
Setup the vulnerability assessment - Begin documentation
- Update and Configure tools

Managing a Successful computing Project pg. 19

Test execution Run the tools and scan for the
vulnerabilities in the system
Vulnerability analysis Analyzing the vulnerabilities and classify.

Reporting Reporting the security threats.

Project complete Completing the security assessment and

finish the project
Table 1: List of milestones Source: (Author Develop)

Scope
The project team will cover the following tests to complete the safety assessment requested by the online
cart system management.
1. Testing the Online Shopping Cart web application

- Front-end

- Back-end

- Payment portals

2. Testing Web servers & software

- Database

- Server configurations

3. Testing network equipment (network configurations)

4. Physical security

Timeline

Task Duration Start Date Ended date

Testing the web app

- Front-end 30 days 01.07.2019 30.07.2019

- Back-end 40 days 31.07.2019 12.09.2019

- Payment portal 25 days 13.09.2019 06.10.2019

Testing the web server &

software

Managing a Successful computing Project pg. 20

 - Database 30 days 07.10.2019 07.11.2019

- Server configuration 15 days 08.11.2019 23.11.2019

Testing network 30 days 24.11.2019 24.12.2019

Physical security 5 days 25.12.2019 30.12.2019

Table 2: Timeline Source: (Author Develop)

Resource
Team members,
- Project manager
- Tech lead
- Junior testers
Communication
This Communications Management Plan sets the communications framework for this project. It will serve
as a guide for communications throughout the life of the project and will be updated as communication
needs change. Included communications schedule which maps the communication requirements of this
project. A guide for conducting meetings describes both the communications rules and how the meetings
will be conducted, ensuring successful meetings during the project period.

Contact information of the team

Position Name Tel email
Project manager Uthpala +94767788978 [email protected]
Samarakoon m
Tech lead
Junior tester
Junior tester
Junior tester
Junior tester
Table 3: Contact Information Source: (Author Develop)

Communication schedule

Managing a Successful computing Project pg. 21

Person(s) Person in
Information Time Medium
/Recipients charge

- Overall progress,
Project team - Security Weekly Face-to-face Tech lead
vulnerabilities
Online Shopping
- Security When
System email Tech lead
vulnerabilities needed
management

- Overall status
Project manager Weekly email Tech lead
- Current task

Online Shopping
Overall status of the Project
System Fortnight email
project manager
management
Table 4: Schedule Source: (Author Develop)

Risk management
A risk management plan is to help the project’s stakeholders aware of potential threats and be assured that
the project team has sufficient and efficient plan of risk mitigation.
Possible risks for this project
1. Unexpected software bugs
2. Exceeding allocated time periods
3. Lack of stakeholder involvement
4. Changes in the project scope
5. Missing team members

Responses to the risks

- Risk monitoring

- Risk reducing

Risk Probability Impact Response

Unexpected software Low High Try fixes, Seek for alternatives
bugs
Exceeding allocated Medium High Work according to the plan and manage
time periods the time
Lack of stakeholder High High Clear communication plans and hold
involvement meetings
Changes in the project Medium High Negotiate with the management

Managing a Successful computing Project pg. 22

scope
Missing team Medium Medium Hire another or cover the task by
members existing team members.
Table 5: Risk Management Source: (Author Develop)

Cost management
This is the process of planning and controlling the budget of the project. It contains planning, estimating,
managing and controlling the cost to complete the project within the approved budget. Following steps are
the key components of this process,
1. Cost estimating
2. Cost budgeting
3. Cost controlling
Costing is the process of estimating the cost of a project or task. When creating a cost estimate, you should
consider the resources that will be used in the project, such as equipment, services, facilities and jobs ...
The cost budget is the process of creating a baseline of information on the cost of the project. This depends
on the duration and scope of the project.
When controlling the cost, the status quo activities to control the cost.

Task Cost

Project initiation 10 000.00

Project execution – Test the Web app,

50 000.00
Servers, Network, Physical security
Provide solutions (Equipment, Software,
250 000.00
etc...)

Service fees 500 000.00

Total 810 000.00

Table 6: Cost Management Source: (Author Develop)

1.3 Work breakdown structure and Gantt chart

A work breakdown structure (WBS) is a key project that can be delivered and that organizes team work into
manageable sections. The Project Management Knowledge Body defines the work breakdown structure as a
"hierarchical decomposition oriented to the delivery of the work to be executed by the project team". The

Managing a Successful computing Project pg. 23

work breakdown structure visually defines the scope in manageable fragments that a project team can
understand, since each level of the work breakdown structure provides more definition and details.
[ CITATION wor19 \l 1033 ]

1.3.1 Work break down structure

Figure 1:WBS Source: (Author Develop)

1.3.2 Gantt chart

Tasks Months
1 2 3 4 5 6
Setup the
vulnerability
assessment
Testing web
application

Managing a Successful computing Project pg. 24

- Front-end

- Back-end

- Payment
portals
Server &
software
- Database

- Server
configuration
s
Network
equipment testing
Physical security

Vulnerability
analysis
Reporting

Finishing

Figure 2: Gantt Chart Source: (Author Develop)

TASK 02

2.1 Research Methods

2.1.1 Qualitative Research
Qualitative research is primarily exploratory research. It is used to understand the underlying reasons,
opinions and motivations. Provides information about the problem or helps to develop ideas or hypotheses
for possible quantitative investigations. Qualitative research is also used to discover thought and opinion
trends and to deepen the problem. Qualitative data collection methods vary with unstructured or semi-
structured techniques.[ CITATION Sus11 \l 1033 ]
Here are some qualitative research methods,
- One-on-One Interview

- Text Analysis

- Case study research

Managing a Successful computing Project pg. 25

 - Ethnographic research

- Focus groups

2.1.2 Quantitative research

Quantitative Research is used to quantify the problem by way of generating numerical data or data that can
be transformed into usable statistics. It is used to quantify attitudes, opinions, behaviors, and other defined
variables – and generalize results from a larger sample population. Quantitative Research uses measurable
data to formulate facts and uncover patterns in research.[ CITATION Sus11 \l 1033 ]
Quantitative research methods,
- Surveys

- Questionnaires

- Polls

According to the descriptions, these two methods are the most important methods of data collection. In this
project, the entire system and its current situation must be identified to perform an adequate safety
assessment. Therefore, to collect information about the online shopping cart system, a search must be
performed. These two methods can make the process of data collection in the online shopping cart system
more accurate and reliable. You can know the ideas of the employee and also identify the weekly points of
the system. Through the use of a questionnaire, employee data can be collected and an overview of the
current system can be obtained. And as a method of quantitative research with individual interviews,
employees can obtain information directly from the system.

2.2 Performing a small-scale research

Questionnaire for get feedback about the security of Online Shopping Cart system.
*Select an answer from provided options for each question.
Network infrastructure
1. Does the company use a firewall to restrict traffic inside and outside the network? (Yes/No)

2. Are there encrypted protocols for all internal traffic that carries confidential information? (Yes/No)

3. Have you implemented a monitoring system for the network? (Yes/No)

Servers

Managing a Successful computing Project pg. 26

4. Does the company have an operating system and updates on the servers? (Yes/No)

5. Is the system configured to record security-relevant events? (Yes/No)

6. Does the server admin has a low privilege account for day-to-day tasks (Yes/No)

Backups
7. Is there a backup plan? (Yes/No)

8. Is there a remote backup system located? (Yes/No)

9. Are backups tested regularly? (Yes/No)

Web application
1. 1. Were validation rules used for the input fields? (Yes/No)

10. 2. Do you use HTTPS on websites that contain and transfer sensitive data? (Yes/No)

11. 3. Are you using encryption methods when saving passwords? (Yes/No)

12. 4. Is there a method for account recovery? (Yes/No)

Physical security
2. Are all facilities used exclusively by the company, or are some shared? (Yes/No)

3. Do you use access authentication systems for certain areas ? (Yes/No)

4. Is CCTV installed in the installation? (Yes/No)

2.2.1 Accuracy and reliability of research methods

Two main research methods are the qualitative and the quantitative research method. These methods are two
different types of research. These two methods have different properties. With the qualitative research
method you have different possibilities to carry out research. The quantitative research methodology
includes surveys, questionnaires and surveys such as driving research.
In those methods, accuracy and reliability are different. When considering the questionnaire, its accuracy
depends on the questions. If the questions are relevant and clearer, the comments will be more precise and
relevant for the expected. There are different types of questions that must be answered. Small questions are
simpler and more effective. It is for these questions. Feedback is more relevant for expected responses. It
makes it easier to analyze the results. And that can make the comments accurate. But in some cases due to

Managing a Successful computing Project pg. 27

its structure. Therefore, this may affect the accuracy of the results. As a solution to this problem, you can use
more common answers or include all possible answers in the answer list. It is a difficult process to include
all possible answers.
The reliability of the comments is also important in an investigation. To be able to conduct a proper
investigation, the comments must be reliable and accurate. To be more reliable, the sources must be reliable.
If the method of inquiry is a questionnaire, respondents must be reliable respondents, and the questions must
also help ensure that they are reliable. In some cases, anonymity helps to get reliable feedback. Previous
research has suggested that respondents who answer the questions should be properly selected to increase
the reliability of the comments. Therefore, the respondents influence the reliability of the research results.
Finally, accuracy and reliability depend on the type of questionnaire that contains the questionnaires. In
order to be able to carry out a precise and reliable investigation, the methods must be used according to the
requirements. Then the results are accurate and reliable.
TASK 03

3.1 Data analytic techniques

There are many data analysis techniques according to different research methods. Some of the data analysis
techniques are as follows:
- Typology

- Trend analysis

- Coding

Typology
“A typology is a set of categories used for classification. A typology generally has non-overlapping
categories that exhaust all possibilities so that there is one category available for each observation and each
observation only fits one category”.[ CITATION Ash16 \l 1033 ]

Trend analysis
“Trend analysis quantifies and explains trends and patterns in a “noisy” data over time. A “trend” is an
upwards or downwards shift in a data set over time.”[ CITATION Ste18 \l 1033 ]

Managing a Successful computing Project pg. 28

3.1.1 Analysis of collected data
Above conducted research was analyzed using IBM SPSS software and below charts are the summary of the
research feedback analysis took from the IBM SPSS software.

Descriptive Statistics

N Mean Std. Deviation Variance

Network 3 .67 .577 .333

Server 3 1.00 .000 .000
Backup 3 .67 .577 .333
Webapp 4 .25 .500 .250
Physical 3 1.00 .000 .000
Valid N (listwise) 3

Network security stats

Figure 3: Stats of network security Source: (Author Develop)

According to the pie chart (figure 3) network security is good but still needs attention on it.

Managing a Successful computing Project pg. 29

Server security stats

Figure 4: Stats of server security Source: (Author Develop)

As shown in the pie chart (figure 4) overall security is good of servers.

Backup stats

Figure 5: Stats of backups Source: (Author Develop)

According to the pie chart (figure 5) more than half is shown as good.

Managing a Successful computing Project pg. 30

Web application security

Figure 6: Stats of web application security Source: (Author Develop)

According to the pie chart (figure 5) web application security is week. It need more attention

Managing a Successful computing Project pg. 31

Physical security

Figure 7: Stats of physical security Source: (Author Develop)

Physical security also at good level as shown in the pie chart (figure 6)

3.2 Recommendations
According to the above conducted research there are four main categories had considered in this research.
Those are,
- Network

- Server

- Backup

- Web application

- Physical security

The research found that there were positive and negative comments in these categories. In the network
category, it was 66.67% secure and 33.33% (Figure 2) uncertain. Therefore, you still have to be careful to be
100% sure. As a recommendation, the firewall must first be configured correctly to avoid security threats.
Therefore, you must configure a network monitoring system to detect and prevent such threats.100% secure
server security (Figure 3). Therefore, there are no recommendations for server security.

Managing a Successful computing Project pg. 32

In backup security, the statistics were 66.67% safe and 33.33% (figure 4) insecure. That means that backups
need attention to make the system more secure. The company must implement an appropriate backup plan in
the system, must have remote backups, as well as local / on-site backups.
The web application needs more attention due to its research statistics. These are 75% unsafe and only 25%
safe (Figure 5). Therefore, you need a high priority to solve them and make them safer. You must update the
technologies used in the web application. You must validate risky entry points and close security holes. In
particular, the web application is the frontend and the platform with which external users interact. There you
have to be safer to avoid security threats.
Depending on the results of the results, physical security is well located and configured. Therefore, you do
not need any important recommendations.

Category Recommendations

- Properly configure and maintain a firewall

Network
- Setup a network monitoring system

Server - Maintain the server maintenance plans

- Implement the backup plan

Backup
- Establish remote and on-site backups

- Keep the applications up to date

Web application - Maintain a proper updating and upgrading schedule
- Use recommended applications

Physical security - Restrict unauthorized users

Table 7: Recommendations Source: (Author Develop)

3.3 Research report

This research is done to achieve the project goals and objectives. The research was conducted using a
questionnaire. Questionnaire divided into five main categories. These are network, server, backup, web
application, and physical security.

Managing a Successful computing Project pg. 33

It was 66.67% safe and 33.33% uncertain (Figure 2). Therefore, care must be taken that it is 100% safe. As a
recommendation, the firewall should initially be properly configured to prevent security threats. Therefore, a
network monitoring system must be set up.
In terms of backup security, the statistics were 66.67% secure and 33.33% uncertain (Figure 3). The
organization should implement an appropriate backup plan for their system. There should be remote backups
and local / on-premises backups.
The web application needs more attention. As in the results, 75% are unsure and only 25% are safe (Figure
5). Therefore, you need a high priority to solve them and make them safer. You must update the technologies
used in the web application. You must validate risky entry points and close security holes. In particular, the
web application is the front-end platform that interacts with external users. There you have to be sure to
avoid security threats. According to the results of the results (Figure 6), physical security is well located and
configured.
Previous research was conducted using a questionnaire that covers the entire system. The questionnaire
consisted of questions that can be answered with two options. Therefore, it offers the possibility of providing
simple and clear comments on the questions. This facilitates the analysis and guarantees the accuracy of the
feedback. The questionnaires are diverse as a qualitative examination method. Therefore, it is difficult to
analyze the results and it cannot be guaranteed that the comments are correct. However, the method used
above makes it clearer and easier to respond and retrieve relevant comments.
The analysis process uses the IBM SPSS tool. It is a well known and widely used application for these
analysis processes. It has the functions of analyzing and processing the specified data and displaying the
results in several ways, as the user needs. that is - Graphics (bar, line, histogram, area, pie charts) and tables
of maximum, minimum, average, etc. In addition, it has a variety of analysis techniques used several times.
Due to the above functions, it is very useful in data analysis. Therefore, these techniques can be used to get
an idea and make recommendations for each case. that is - Graphs (bar charts, pie charts) can be used to
easily present the results as a graphical representation that facilitates understanding. Other complex values
(mean, max, min, etc.) can also be called as tables if necessary.
Finally, the use of qualitative research methods is the most appropriate for this type of research. As a
qualitative research method, interrogators can define one of the simplest and most accurate methods of
collecting comments. And these questions must also be answered with two options (that is, yes or no) that
are simpler and help to obtain more precise answers in the investigation. The IBM SPSS tool facilitates the
analysis of comments and makes the results easier and more precise. It may be useful to make
recommendations on relevant areas based on the results.

Managing a Successful computing Project pg. 34

TASK 04

4.1 Value of undertaking a research to meet the project objectives

The main objective of this project was to identify security threats in the online shopping cart system. There
were five main elements that needed to be checked for security holes in this system. These were network,
servers, backups, web applications, physical security.
Browsing vulnerabilities is not an easy task today due to the complexity of the systems and the new
techniques used to exploit the systems. To simplify this process, a safety study of the online security
shopping cart in the organization was conducted. The investigation was based on the previous assets and
used a questionnaire to obtain comments from the staff.
By carrying out this research, you could obtain more information about the system and identify
vulnerabilities from different sources, such as the administration of the organization, system employees and
others. This provides more information about their views and makes security assessment easier and more
effective. Research also helps to easily identify the entire system without spending more time on it. It also
contains a summary of the system that identifies key problems and allows the project to be completed in a
timely manner.
These facts can be considered the main advantages of carrying out an research in the implementation of a
project.Finally, through a search, the system can be identified more quickly and a general picture of the
current system situation can be obtained. This helps to create a correct plan to achieve the objectives of the
project. And the use of research can also provide reliable and accurate information on various sources that
make the project successful and effective.

4.1.1 Project outcomes

This project was launched to identify the current security situation and to review the security threats and
risks of the online shopping cart system. Through this project, the entire system could be analyzed and many
risky areas of the shopping cart system found. Here are the results of the project being carried out,
- Identify the current situation of the system

- Identify the vulnerabilities in the system

- Identify possible threats that system will face in the future

- Define solutions for detected threats

The main objective of this project was to conduct an in-depth safety assessment of the online shopping cart
system. As mentioned earlier, these were the results that could be achieved with the start of the safety

Managing a Successful computing Project pg. 35

assessment. The first result is the current situation of the system, how the system is built and how it works.
And identified vulnerabilities in the system. Vulnerability checks found many threats in the system that
could affect the continuity of the online shopping system, such as: For example, web application errors,
backup procedure problems and network problems. Finding vulnerabilities in the system will create many
potential threats to the purchasing system in the future. B. Difficulty processing server client requests and
memory restrictions. More recently, solutions to the identified threats and risks were defined and applied. In
addition, the administration reported on the situation of the system and should consider the system.
Finally, this project will help you identify the current situation and the threats that must be addressed, as well
as the solutions to overcome the detected threats. It helped the organization to continue its service without
interruptions.

4.1.2 Decision-making process

Decision making is the process of making selections/choices by identifying a decision, gathering
information and assessing alternative decisions.[CITATION uma18 \l 1033 ]
According to umassd.edu (2018) decision-making process formed by seven steps as follow,
1. Identify the decision

2. Gather relevant information

3. Identify the alternatives

4. Weigh the evidence

5. Choose among alternatives

6. Take action

7. Review the decision and its consequences

- Identify decision

Identifies that need to make a decision and clearly define its nature.
- Gather relevant information

Gather pertinent information before make the decision. Decide what information is needed and best sources
of information.
- Identify the alternatives

Managing a Successful computing Project pg. 36

With collecting relevant information, will identify several possible ways/alternatives. In this step list all the
desirable alternatives.
- Weigh the evidence

Evaluate whether the decision identified in step one would be met through the use identified alternatives.
List-down the alternatives in a priority order.
- Choose among alternatives

Choose the alternative from listed in the step five.

- Take action

Take action by implementing the alternative choose in above step.

- Review the decision and its consequences

This is the last step. In this step, consider the results of the decision you made and evaluate whether the
problems identified in the first step have been resolved or not. If this is not the case, the process must be
repeated.
After the decision process mentioned above, one can make a correct decision without much effort. It helps to
make the right decision using alternative paths by evaluating each one. Therefore, the risk in decision
making may decrease. Therefore, this process can be used as necessary to make a decision in the project,
with less risk of making a wrong decision. This process was useful when decisions were made about the
online purchasing system in the initiated project.

4.1.3 Value gained from conducting the project

Consider the security of the online shopping cart system in this project. The main objective is to conduct a
security assessment to identify threats and vulnerabilities in the shopping cart system.

Why security is important

In an online shopping cart system, your protection is more important today. As technology grew, computers
became more common among people. Therefore, consumption is high compared to the past. Therefore,
threats have increased significantly due to this high-tech overhead. Due to the complexity of people's lives,
online shopping carts are famous among them. Therefore, many people bought products through these
online shopping systems. As a result, the number of transactions handled through this system has increased.
Therefore, many people / hackers go to these systems to fulfill their achievements, such as stealing

Managing a Successful computing Project pg. 37

confidential information, such as credit information, debit card or bank. Such an incident can destroy the
entire organization. For this reason, the security of the online shopping system is a more important fact that
should be considered.
Usefulness of a security assessment
As discussed earlier, security is more important in an online shopping system. When conducting a system
security assessment, you can identify key points in the system, such as: Web application errors, server and
network problems. These days of the week allow hackers to enter the system and meet their needs.
Therefore, these weekly points / entries must be removed and corrected by identification. As an example in
the previous security assessment, many threats and vulnerabilities have been found in the web application.
This was detected when testing the web application as part of the security evaluation of the purchasing
system.
Affect to the organizations sustainability
In an online shopping cart system, customers are the most important asset. If customers decide not to use the
online shopping system, it will have a critical impact on the organization. To achieve customer satisfaction,
the system must be safe and efficient. For the system to be secure, all threats must be identified in due
course. Ensures the continuity of the system for the future. Therefore, the security of the purchasing system
affects the sustainability of the company.
Therefore, the implementation of this project helps identify threats and vulnerabilities in the purchasing
system, and makes the system a safe place to use confidential information. Then customers can rely on
system security. Ensures the sustainability of the organization for the future.

References

Crossman, A. (2016). Typology . Retrieved September 10, 2018, from https://www.thoughtco.com/typology-

definition-3026722
DeFranzo, S. E. (2011, September 16). snapsurveys. Retrieved from snapsurveys:
https://www.snapsurveys.com/blog/qualitative-vs-quantitative-research/

Managing a Successful computing Project pg. 38

inloox. (2019). inloox. Retrieved from inloox: https://www.inloox.com/project-management-
glossary/project-management-process/
smartsheet. (2019). smartsheet. Retrieved from smartsheet: https://www.smartsheet.com/blog/demystifying-
5-phases-project-management
Stephanie. (2018). Trend Analysis: Simple Definition, Examples. Retrieved September 10, 2018, from
http://www.statisticshowto.com/trend-analysis/
teamgantt. (2019). teamgantt. Retrieved from teamgantt: https://www.teamgantt.com/blog/5-crucial-project-
management-phases
umassd.edu. (2018). Decision-making progess. Retrieved September 10, 2018, from
http://www.umassd.edu/fycm/decisionmaking/process
villanovau. (2019). villanovau university. Retrieved from villanovau university:
https://www.villanovau.com/resources/project-management/5-phases-project-management-lifecycle/
workbreakdownstructure. (2019). workbreakdownstructure. Retrieved from workbreakdownstructure:
https://www.workbreakdownstructure.com/

Managing a Successful computing Project pg. 39

Managing a Successful computing Project pg. 40
Managing a Successful computing Project pg. 41