Contents

Task 1. Gathering and Analysis of Requirement
Answer 1
Answer 2
Answer 3
Answer 4
Answer 5
Task 2. System Design
Answer 1
Answer 2
Answer 3
Answer 4
Answer 5
Answer 6
Answer 7
Answer 8
Bibliography

Task 1
Gathering and Analysis of Requirement

Answer 1

SDLC methodology in project creation:

Features of the Waterfall Model, RAD Model, Spiral Model and Agile Model:

Definition
· Waterfall Model: It is the traditional software development methodology; the waterfall method is a linear model of phases where each phase should be complete before moving on to the next phase. This model yields a high quality and low cost system.
· RAD Model: The RAD model is the abbreviated form of Random Application Development.
· Spiral Model: This model focuses on reduction and identification of the risk in a project. It handles the risks and decides whether to take the next step of the project. In this model any of the phases can be iterated.
· Agile Model: It is an approach that is used for designing a software project and also allows frequent change in the development project.

Phases
· Waterfall Model: The six steps of the Waterfall model are as follows: Analysis of Requirement, System Designing, Implementation, Testing, Deployment, Feedback.
· RAD Model: RAD is divided into four phases: User Design, Requirements, Planning, Construction, Cutover.
· Spiral Model: The five phases of the Spiral model are: Planning, Risk Analysis, Engineering, Execution, Evaluation.
· Agile Model: Agile principles are: Interaction and individual, Software for working, Collaboration with the customer, Respond to changes.

Strength
· Waterfall Model: Easy understandability. Definition of each stage is clear.
· RAD Model: Changing requirements can be accommodated. Reduced development time.
· Spiral Model: Requirement based changes can be made. More accurate capturing of changes.
· Agile Model: A real approach towards software development. Little or no planning is required.

Weakness
· Waterfall Model: Only after the final phase can the product be released. Difficulty in measuring the phases during each stage.
· RAD Model: Only module based systems can be produced. Depends highly on modeling skills.
· Spiral Model: Management is more complex. It is not apt for smaller projects.
· Agile Model: Not suitable for handling complex dependencies. Depends on customer interaction, so if the customer is not clear, the team can go in the wrong direction.

Usage
· Waterfall Model: Requirements are very well documented, clear and fixed.
· RAD Model: Random Application Development is mainly used when the system is modularized, so that it can be delivered in increments.
· Spiral Model: Risk evaluation will be a must when there are budget constraints.
· Agile Model: This methodology suits projects where change is used largely and is monitored by time.

Cost
· Waterfall Model: Low
· RAD Model: Low
· Spiral Model: Expensive
· Agile Model: Intermediate

The Agile model will be the best suited methodology for this project, as the software company has only 7 software professionals including the management, and this methodology needs a scrum master, a product owner, and a cross functional team with 5 to 9 developers. This model also helps in faster deployment.

Answer 2

Requirements Engineering/Analysis:

Requirements engineering, also known as requirements analysis, is the process of determining user needs for a new product.
These features are called requirements, and they need to be relevant and given in detail. Requirements are often called functional specifications. Requirements analysis is one of the most important concepts of project management in software engineering/SE. (Abhijit Chakraborty, 2012)

There are two types of requirement to analyse in an SDLC life cycle:

Ø Functional Requirements

Functional requirements state what will be done by identifying the necessary tasks, activities, and actions that must be done. Functional requirements are to be used as the top-level functions for functional analysis. They depend on the expected users, the type of software, and the types of systems where the software will be used. Functional requirements of the user might be high-level statements of what the system will do; FS will describe the system services in detail. Consider the user searching either all of the initial set of information or selecting a part of it.

User Requirements: Statements in natural language or by images of the services the system provides and its operational constraints.

System Requirements: A structured and detailed document setting out the descriptions of the system services. It is written between client and contractor.

Software Specification: A detailed description of the software that will be used to serve as the basis for its design. It is written for the software developers.

The functional requirements for the project are:

1. Employee Registration
It allows the employee to register all his details and view the registered details.

2. Employee Attendance Management
It can easily track the attendance of the employee and quickly produce the attendance of the employee.

3. Opinion Management
Based on the attendance, the attendance will be marked for the employee.

Ø Non-Functional Requirements

Product requirements: Requirements which specify that the delivered product must behave in a particular way, for example execution speed, reliability etc.

Organizational requirements: Requirements which are a part of organizational policy and procedure.

External requirements: Requirements that arise from factors external to the system and its development process, for instance interoperability requirements and legislative requirements.

Answer 3

Timeframe for Task Completion

It is defined as the time required for completing a task.
The example below consists of three sprints named analysis, implementation and evaluation, mainly for gathering of software, implementation, testing, and deployment of the project.

The timeframe for the given case study using the agile model is given below:

The graphical representation is also shown:

Answer 4

Threats to business

a. Financial Threats
Most types of risk have an economic impact, in terms of extra costs or loss of revenue. Financial risk describes the flow of money in and out of your organization, and the risks of unexpected financial losses. (Scutify, 2017) They are losses of money which greatly affect the business. They may include aspects like loss of copyright information, financial fraud, and loss in productivity.
Example: credit card information hijacking, more money needed for production.

b. Legal Threat
A legal threat is a statement by one party that it will take legal action against another, mostly accompanied by a demand that is set by the first party and must be followed by the other. It is generally the legal exposure associated with threats.
Example: If an individual's private information is obtained and disclosed by the organization, then the individual can take legal action against the organization.

c. Regulatory Threat
Along with legal and financial threats, it is vital to take regulatory threats into account. A regulatory infraction resulting from a data security incident could lead to fines or other penalties (including imprisonment of the employees concerned), as well as temporary or permanent suspension of the company. Financial institutions take the laws governing their operation seriously and take full responsibility for the consequences of non-compliance; healthcare, wholesalers, and public companies are regulated as well. The key to handling regulatory threats is knowing the regulations or industry standards that govern the data your organization processes. This threat leads to fines or to the suspension of company operations along with the payment of penalties.
Example: PCI data security, system malfunctions.

d. Technical Threats
Most of the literature on computer security is about technical threats such as viruses, Trojans and malware, but a serious study to apply cost-effective countermeasures can only be conducted following a rigorous IT risk analysis. Technical threats affect information that is transmitted or electronically stored.
Examples of technical threats are system failure and viruses.

e. Physical Threats
Physical threats are usually associated with facilities and can often be tied to natural events or mechanical failures. Unpredicted threats like natural disasters, infrastructure failures, and malicious attacks cannot be stopped, but their likelihood can be lessened and the damage minimized with proper preparation.
Examples of physical threats are physical intrusion and water seepage.
Answer 5

Risk Elements:

Risk is the possibility of loss, damage or destruction of an asset as a result of a threat exploiting a weakness. Risk consists of three elements:

Assets
An asset is defined as anything of value to the organization that may be impaired or destroyed. People may include the workforce and clients along with other persons concerned, such as service providers or invitees. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets consist of status and trademarked information. Information may include databases, code, important company records and other intangible items.
Example: personal information, equipment.

Threats
A threat is defined as an undesirable impact occurring in many forms, often resulting in a financial loss. It is something that can abuse a weakness, purposefully or accidentally, and damage or destroy an asset.
Example: fire, or company secrets becoming known to others.

Vulnerabilities
Vulnerabilities can be described as a weakness or absence of control, which can be estimated as a percentage of how well the weakness is controlled. They are weaknesses or breaches in a security program that can be abused by threats to gain unapproved access to an asset.
Example: personal information hijack. (Nancy A. Renfroe, 2002)

Risk assessment: the formula used to determine risk is

A + T + V = R

That is, Asset + Threat + Vulnerability = Risk.

Risk is a function of threats exploiting vulnerabilities to obtain or destroy assets. Thus, threats may occur, but if there are no vulnerabilities then there is little or no risk. Likewise, you can have a weakness, but if you have no threat, then you have little or no risk.

Vulnerabilities that could occur in the project given in the case study are:

1. Deployment Failure:
It is the most common vulnerability and is due to the lack of deployment of the project. Any given database can be tested for functionality to make sure the database works as designed.

2. Data Leak:
The database is the back end of the project, so it is very vulnerable to hackers hijacking the data. To avoid this, the administrator should encrypt the data.

3. Inconsistency in Data:
A common thread among vulnerabilities is the inconsistency of the data. Both the administrator and the developer need to take precautions regarding this threat.

Task 2
System Design

Answer 1

Advantages of the Use Case Diagram:
Ø It requires identification of scenarios.
Ø By considering the user's point of view when developing the use case diagram, we ensure the correct system is developed.
Ø Because they include diagrams and natural language, they are easy to understand and provide an excellent way to interact with customers and users.
Ø It provides a detailed view of a system.

Answer 2

Use Case Diagram:

A use case diagram can either be a nonconcrete use case or a concrete use case.
A nonconcrete use case will not be instantiated on its own, but is only meaningful when used to define functionality that is common between other use cases. On the other hand, a concrete use case can be instantiated to create a specific scenario. The main use of a use case diagram is to understand the dynamic behaviour of the system.

The diagram for the above is given as follows:

The use case diagram has three actors: employee, manager and admin. The employee makes a new registration for the attendance system and also marks the attendance. The admin creates the new account and manages the salary. The manager can view, update and create the attendance of the employee.

Answer 3

Difference between High-Level Design (HLD) and Low-Level Design (LLD)

High-Level Design
This design divides the single entity with multiple components into sub-systems at a lower level of abstraction and depicts their interaction with each other. High-level design focuses on how the system, along with all of its components, can be implemented in the form of modules. It recognizes the structure of every sub-system and their relation and interaction with one another.

Detailed Design (Low-Level Design)
This design deals with the implementation part of what is seen as a system and its sub-systems in the previous design. It is more detailed towards modules and their implementations. It defines the logical structure of every module and its interfaces for communicating with other modules. (S, 2016)

Answer 4

UML (Unified Modelling Language) Class diagram and its uses

The Unified Modeling Language, also known as class diagram, is a general-purpose modeling language in the software development life cycle.

The uses of use case diagrams are as follows:
Ø Used to gather the system requirements.
Ø For showing interaction between the actors.
Ø To get an external view of the system.
Ø For identification of exterior and interior issues which influence the system.
UML model types include:

a. Class Attributes
Attributes map onto member variables or data members in code.

b. Class Operation
The return type of a method is given after the colon at the end of the operation signature.

c. Class Visibility
Three symbols placed before an operation name or an attribute in a class denote the visibility:
private attributes = '-'
public attributes = '+'
protected attributes = '#'

Answer 5

Six different relationship notations that exist in the UML Class Diagram:

There are six types of logical connections in UML:

a. Association
Association covers a logical association or relationship among classes; for instance, airplane and passenger can be linked.
· Directed Association
It is a directed connection in an association, represented by a line with an arrowhead.
· Reflexive Association
When a class has multiple functions it is called a reflexive association.

b. Multiplicity
Multiplicity is an association based on logical aspects, used when the cardinality of a class in relation to another class needs to be depicted. The notation 0..* in the figure means "zero to many".

c. Aggregation
It refers to the formation of a specific class as a result of one class being collected or designed as a group. To show aggregation in a diagram, draw a line from the base class to the derived class with a diamond shape close to the parent class.

d. Composition
The composition relationship is very similar to the aggregation relationship, the only difference being that its key purpose is to stress the dependence of the contained class on the life cycle of the container class.

e. Inheritance / Generalization
It refers to a type of relationship in which one class is derived from another and has the same functionalities as the base class.

f. Realization
It defines the implementation of the functionality outlined in one class by some other classes.
Answer 6

Six "Multiplicity" constraints

Multiplicity is an association based on logical aspects, used when the cardinality of a class in relation to another class needs to be depicted. The notation 0..* in the diagram means "zero to many".

Six types of multiplicity are given:

Multiplicity   Option   Cardinality
0..0           0        Collection must be empty
0..1                    No instances or one instance
1..1           1        Exactly one instance
0..*           *        Zero or more instances
1..*                    At least one instance
m..n                    At least m but no more than n instances

Answer 7

To draw a UML diagram based on the given criteria:

A class is a classifier which describes a set of objects that share the same
· features
· constraints
· semantics

We represent a class as a rectangle containing the class name, optionally with partitions separated by horizontal lines containing features or members of the classifier.

The UML class diagram with the specifications is as follows:

The class diagram has three classes named Employee, Work zone and Shift. They are drawn based on the given criteria:
· Employee data – Employee information is defined as employee first name and last name, ID no, telephone no, address, date(s) present, date(s) on leave, hotel work zone and shift allotted.
· The employee can perform the following actions – apply for leave and choose to work in a particular shift.
· The hotel has three shifts – morning shift, evening shift and night shift. An employee not on leave must be allocated to one and only one of the three kinds of shift in one day.
· Each shift must have at least one employee. The hotel has the following work zones – rooms, restaurant, lounge and toilet.
· For each shift (i.e. morning, evening or night) there must be an allocation for each of the work zones.
· Every working employee must be allocated to one and only one work zone in their shift.
· Each work zone must have at least one employee.

Answer 8

State Transition Network (STN) for the daily operation of the attendance management part of the software is as follows:

An STN is a diagram that is made for a set of data and charts the flow of data from specific data points called states or nodes.
In automata theory and sequential logic, a state transition table is a table showing what state (or states in the case of a nondeterministic finite automaton) a finite semiautomaton or finite state machine will move to, based on the current state and other inputs. A state table is essentially a truth table in which some of the inputs are the current state, and the outputs include the next state, along with other outputs.

A state table is one of many ways to specify a state machine, other ways being a state diagram and a characteristic equation. All the likely inputs to the device are listed across the columns of the table. All the possible states are listed across the rows. It is possible to draw a state diagram from the table. A sequence of easy-to-follow steps is given below:

1. Draw circles to signify the states given.
2. For each of the states, scan across the matching row and draw an arrow to the target state(s). There can be multiple arrows for an input character if the automaton is an NFA.
3. Designate a state as the start state. The start state is given in the formal definition of the automaton.
4. Designate one or more states as accept states. This is also given in the formal definition.

The above diagram is drawn based on the given criteria in the case study. The starting state is when the employee first enters the company and the finish state is when the employee finally leaves for the day. The attendance system is electronic, and the employees have to tap their card on the card reader to register their entry and exit from the company. Once the employee taps, an entry is made in a database table; this entry can be called 'Employee In'. If the employee taps a second time, the database entry is 'Employee Out'. An employee can tap in and out multiple times during the work hours of 9 am to 5 pm. The final exit for the day is considered at 5 pm, and total hours worked is calculated from the first tap to the last tap before or at 5 pm.
If an employee has a gap of more than 1 hr between a tap in and out, they are reported to the HR.

Bibliography

Abhijit Chakraborty, M. K. (2012). The Role of Requirement Engineering in Software Development Life Cycle. Journal of Emerging Trends in Computing and Information Sciences, 7.

Lotz, M. (2013, 5 July). Waterfall vs. Agile: Which is the Right Development Methodology for Your Project? Retrieved Jan 10, 2018, from www.seguetech.com

Nancy A. Renfroe, P. a. (2002). Threat / Vulnerability Assessments and Risk Analysis. Washington: Applied Research Associate.

rohit. (2014). bbjbjbkbbj.

S, S. (2016, Dec 21). What are the major differences between HLD, DLD, LLD? Retrieved Jan 10, 2018, from Informatica: www.network.informatica.com

Scutify. (2017, Nov 14). How Threat Models are crucial to secure the Software Development Process. Secure software development, p. 2.
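
The attendance rules described under Answer 8, written as a two-state machine driven by a transition table. This is an added example, not part of the original assignment; the names process_day, TRANSITIONS and at, and the sample taps, are assumptions, and it assumes the reported "gap" is the time between an 'Employee Out' tap and the next 'Employee In' tap.

```python
from datetime import datetime, timedelta, time

WORK_END = time(17, 0)           # final exit for the day is considered at 5 pm
MAX_GAP = timedelta(hours=1)     # longer gaps are reported to HR

# State transition table: (current state, input) -> (next state, database entry)
TRANSITIONS = {
    ("OUT", "tap"): ("IN", "Employee In"),
    ("IN", "tap"): ("OUT", "Employee Out"),
}

def process_day(taps):
    """Run one employee's card taps for one day through the state machine.

    taps: iterable of datetime objects. Returns a dict with the database
    entries, the final state, the hours worked and the HR flag.
    """
    state = "OUT"                # start state: employee has not entered yet
    entries, last_out, report = [], None, False
    for ts in sorted(taps):
        if ts.time() > WORK_END:
            continue             # only taps before or at 5 pm count
        state, label = TRANSITIONS[(state, "tap")]
        entries.append((ts, label))
        if state == "OUT":
            last_out = ts
        elif last_out is not None and ts - last_out > MAX_GAP:
            # Assumption: the "gap" is the time spent outside, measured
            # from an 'Employee Out' tap to the next 'Employee In' tap.
            report = True
    hours = 0.0
    if entries:                  # first tap to last tap before or at 5 pm
        hours = (entries[-1][0] - entries[0][0]).total_seconds() / 3600
    return {"entries": entries, "final_state": state,
            "hours_worked": hours, "report_to_hr": report}

def at(hour, minute):
    """Build a timestamp on a constructed sample date."""
    return datetime(2018, 1, 10, hour, minute)

# Constructed sample: a 90-minute gap at midday and one tap after 5 pm.
SAMPLE_TAPS = [at(9, 2), at(12, 0), at(13, 30), at(17, 0), at(17, 20)]

if __name__ == "__main__":
    result = process_day(SAMPLE_TAPS)
    for ts, label in result["entries"]:
        print(ts.strftime("%H:%M"), label)
    print(result["final_state"], round(result["hours_worked"], 2),
          result["report_to_hr"])
```

A final_state of "IN" at the end of the day means the employee never tapped out, which a real system would have to resolve before trusting the hours figure.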