Task 1
Gathering and Analysis of Requirement
Answer 1
Answer 2
Answer 3
Answer 4
Answer 5
Task 2
Answer 1
Answer 2
Answer 3
Answer 4
Answer 5
Answer 6
Answer 7
Answer 8
Gathering and Analysis of Requirement
SDLC methodology in project creation:
It is the traditional software development methodology; the waterfall
method is a linear sequence of phases,
where each phase should be complete before moving on to the next phase.
model yields a high quality and low cost system. The RAD model is the
abbreviated form of Random Application Development.
focuses on reduction and identification of the risk in a project. It handles
the risks and decides to take the next step of the project. In this model any
of the phases can be iterated.
It is an approach that is used for designing a software project and also allows frequent change in the development
The six steps of Waterfall model are as follows:
Analysis of Requirement
RAD is divided into four phases:
of Spiral model are:
Interaction and individual
Software for working
Collaboration with the customer
Respond to changes
Definition of each stage is clear.
Changing requirements can be accommodated.
Reduced development time.
Requirement based changes can be made
More accurate capturing of changes.
A real approach towards software development
Little or no planning is required.
Only after the final phase the product can be
Difficulty in measuring the phases during each
Module based system can only be produced.
Highly dependent on modeling skills.
Management is more complex.
It’s not apt for smaller projects
Not suitable for handling complex dependencies.
Depends on customer interaction, so if the customer
is not clear, the team can go in the wrong direction.
are very well documented, clear and fixed.
Application Development is mainly used when the system is modularized, so
that it can be delivered in increments.
evaluation will be a must when there are budget constraints.
methodology grants projects where change is used largely and is monitored by
will be the best suited methodology for this project, as the software company
has only 7 software professionals including the management. For this very
reason agile is used here, as this methodology needs a scrum master, a product
owner, and a cross-functional team with 5 to 9 developers. This model also helps
in faster deployment.
engineering, also known as requirements analysis, is the process of determining
user needs for a new product. These features are called requirements, and they need
to be relevant and given in detail. Requirements are often called functional
specifications. Requirements analysis is one of the most important concepts
of project management in software engineering/SE. (Abhijit
The two types for analysing the requirement in a
SDLC life cycle,
requirements describe what will be done by identifying the necessary tasks,
activities, and actions that must be done; functional requirements are to be
used as the top-level functions for functional analysis. They depend on the expected
users and type of software, and also on the types of systems where the software
will be used. Functional requirements of the user might be high-level
statements of what the system will do; FS will describe the system services in
detail. Consider the user searching either all of the initial set of information
or selecting a part of it.
User Requirements: Statements in natural
language or by images of the services the system provides and its operational
System Requirements: A structured and detailed
document setting out the descriptions of the system service. It is written
between client and contractor
Software Specification: A detailed description of the
software that will be used to serve as basis for its designing. It’s written
for the software developers
The functional requirements for the project are:
provides the employee to register all his details and view the registered
can easily track the attendance of the employee and quickly produce the
attendance of the employee.
on the attendance the attendance will be marked for the employee.
➢ Non-functional requirement
Product requirements: Requirements which specify
that the delivered product must behave in a particular way, example: execution
speed, reliability etc.
which are a part of organizational policy and procedure.
External requirements: Requirements that arise from factors
external to the system and its development process, for instance
interoperability requirements and legislative requirements.
Timeframe for Task Completion
It is defined as the time
required for completing a task. The example below consists of three sprints,
named analysis, implementation and evaluation. They are mainly for gathering of
software, implementing, testing, and deployment of the project.
The timeframe for the given
case study using agile model is given below:
The graphical representation is also shown:
Threats to business
Most types of risk have an economic impact, in
terms of extra costs or loss of revenue. Financial risk describes the flow
of money in and out of your organization, and the risk of unexpected financial
losses (Scutify, 2017). These are losses of money
which greatly affect the business. They may include aspects such as
loss of copyright information, financial fraud, and loss of productivity.
Examples: credit card information
hijacking, more money needed for production.
threat is considered a statement made by one party that it will take
legal action against another, mostly accompanied by a demand that is set by
the first party and must be followed by the other. It's generally the legal exposure
associated with threats.
If an individual's private information is obtained and disclosed by the
organization, then the individual can take legal action against the organization.
Along with legal and financial threats, it's vital to take regulatory threats into
account. A regulatory infraction resulting from a data security
incident could lead to
fines or other penalties
(including imprisonment of the employees concerned), as well as temporary or permanent
suspension of the company. Financial institutions take the laws
governing their operation seriously and take full responsibility for the consequences of non-compliance; healthcare, wholesalers, and
public companies are likewise regulated.
The key to modeling regulatory threats is knowing the regulations or industry
standards governing the data your
organization processes.
threat leads to fines or leads to the suspension of company operations along
with the payment of penalties.
Example: A PCI data security, system
The most extensive documentation on computer security is about technical threats such as viruses, Trojans and malware,
but a serious study to apply cost-effective countermeasures can only be
conducted following a rigorous IT risk analysis. They affect transmitted information or
Examples of technical threats
are system failure, viruses.
Physical threats are usually facility-related
and can often be tied to natural events or mechanical failures. Unpredicted threats like natural disasters,
infrastructure failures, and malicious attacks can't be stopped, but with proper
preparation their damage can be lessened and minimized.
Examples of physical threats
are physical intrusion, water seepage.
possibility for loss, damage or destruction of an asset as a result of a threat exploiting
a weakness. The
risk consists of three elements:
It is defined as
anything of value to the organization that may be impaired or destroyed. People may include employees and clients, along with
other persons concerned such as contractors or guests. Property assets consist
of both tangible and intangible items that can be assigned a value.
Intangible assets consist of reputation and proprietary information.
Information may include database information, code, important company
records and other intangible items.
It is defined as an
undesirable impact occurring in many forms, often resulting in a financial
loss: something that can exploit a weakness, purposefully
or accidentally, and damage or destroy an asset.
For example: fire, or company
secrets becoming known to others.
can be described as a weakness or absence, which can be estimated based on the
percentile in controlling weakness. It covers weaknesses
or gaps in a security program that can be exploited by threats to gain unauthorized
access to an asset.
Example: Personal information
hijack. (Nancy A. Renfroe, 2002)
In risk assessment, the formula
used to determine risk is:
‘A + T + V = R’
“That is, Asset + Threat +
Vulnerability = Risk”.
Risk is a function of threats exploiting
vulnerabilities to obtain, damage or destroy assets. Thus, threats may occur, but if there are
no vulnerabilities then there is little/no risk. Likewise, you can have a weakness,
but if you have no threat, then you have little/no risk.
Vulnerabilities that could
take place in the project given in the case study are:
It is the most
common vulnerability, due to the lack of deployment of the project. Any given
database can be tested for functionality to make sure of the designed
The database is the
back end of the project, so it is very vulnerable to hackers hijacking
the data. To avoid this, the administrator should encrypt the data.
threat to vulnerability is the inconsistency of the data. Both the
administrator and the developer need to take precautions regarding this threat.
Advantage of Use Case Diagram:
requires identification of scenarios.
➢ By considering the user’s point of view we will develop the use case diagram to ensure the correct system is
➢ Because they include diagrams and natural language, they are easy to understand and provide an excellent way to interact with customers and users.
a detailed view of a system
Use Case Diagram:
A use case
diagram can contain either a nonconcrete use case or a concrete use case. A nonconcrete
use case will not be instantiated on its own, but is only meaningful
when used to define functionality that is common between other use cases. On the other
hand, a concrete use case can be instantiated to create a
specific scenario. The
main use of a use case diagram is to capture
the dynamic behaviour of the system. The diagram for the above mentioned is given as
The use case below has
three actors: employee, manager and admin. The employee makes a new
registration for an attendance system and also marks the attendance. The admin
creates the new account and manages the salary. The manager can view, update
and create the attendance of the employee.
Difference between High-Level-Design (HLD) and Low-Level-Design (LLD)
This design divides the single entity, multiple component design into
sub-systems of less abstraction and depicts their interaction with each
other. High-level design focuses on how the system, along with all of its
components, can be implemented in the form of modules.
It acknowledges the standard structure of every sub-system and their
relation and interaction with one
Detailed Design (Low Level Design)
This design deals with the implementation part of what is seen
as a system and its sub-systems in
the previous design. It is elaborated in terms of modules and their implementations. It
defines the logical structure of every module
and their interfaces to communicate with other modules. (S, 2016)
UML (Unified Modelling
Language) Class diagram and its uses
Modeling Language, also known as class diagram is a general-purpose modeling
language in software development life cycle.
use case diagrams are as follows:
➢ Used to gather the system requirements.
➢ For showing interaction between the actors.
➢ To get an external view on the system.
➢ For exterior and interior issues identification which influence the system.
UML models types include:
onto member variables or data members in code.
The return type of a method is
after the colon of the operation signature at the end.
before an operation name and an attribute in a class is denoting the
Six different relationship notations
that exists in UML Class Diagram:
There are six types of logical
connections in UML,
Association covers any logical connection or relationship among classes; for
instance, airplane and passenger can be linked.
It is a directed connection in an association, represented by
a line with an arrowhead.
When a class has multiple
functions it’s called a reflexive association.
Multiplicity is the logical association used when
the cardinality of one class in relation to another class needs to be
depicted. ‘The notation 0..* in the figure means “zero to many”‘.
It refers to the formation of a specific class as a result of one class being collected or built as a group. To show aggregation in a diagram, draw a line from the base class to the derived class with a diamond shape close to the parent class.
The composition relationship is very similar to the aggregation relationship, the sole distinction being its key purpose of emphasizing the dependence of the
contained class on the
life cycle of the
to a sort of
relationship whereby one
class is derived from another, with the same functionalities as
the base class.
It denotes the implementation of
the functionality outlined in one class by some other class.
Six “Multiplicity” constraints
Multiplicity is the logical association used when
the cardinality of one class in relation to another class needs to be depicted.
‘The notation 0..* in the diagram means “zero to many”‘.
Six types of multiplicity are given:
Collection must be empty
No instances or one instance
Exactly one instance
Zero or more instances
At least one instance
At least m but no more than n instances
To draw UML Diagram based on the given criteria:
A class is
a classifier which describes a set of objects
that share the same features
class as a rectangle containing the class name, and optionally with partitions
separated by horizontal lines containing features or members of the classifier.
The UML class diagram with
the specifications is as follows,
The below class diagram has
three classes named Employee, Work zone and shift. They are drawn based on the
Employee data – Employees
information defined as, employee first name and last name, ID no, telephone no,
address, date(s) present, date(s) on leave, hotel work zone and shift allotted.
The employee can perform
the following actions – apply for leave and choose to work in a particular
The hotel has three shifts
– morning shift, evening shift and night shift. An employee not on leave must
be allocated to one and only one of the three kinds of shift in one day.
Each shift must at least
have one employee. The hotel has the following work zones- rooms, restaurant,
lounge and toilet.
For each shift (i.e.
morning, evening or night) there must be an allocation for each of the work
Every working employee must
be allocated to one and only one work zone in their shift.
Each work zone must have at
least one employee
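The multiplicity rules listed above can be checked mechanically against a day's roster. The following Python sketch is an added example, not part of the original assignment; the class fields, the `validate_roster` helper and the sample roster are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

SHIFTS = ("morning", "evening", "night")
ZONES = ("rooms", "restaurant", "lounge", "toilet")


@dataclass
class Employee:
    emp_id: str
    on_leave: bool = False
    shift: Optional[str] = None       # exactly one shift when not on leave
    work_zone: Optional[str] = None   # exactly one work zone in that shift


def validate_roster(employees):
    """Return the list of multiplicity violations for one day's roster."""
    errors = []
    staffed = defaultdict(int)        # (shift, zone) -> number of employees
    for e in employees:
        if e.on_leave:
            continue                  # the allocation rules apply to working employees only
        if e.shift not in SHIFTS:
            errors.append(f"{e.emp_id}: needs exactly one valid shift")
            continue
        if e.work_zone not in ZONES:
            errors.append(f"{e.emp_id}: needs exactly one valid work zone")
            continue
        staffed[(e.shift, e.work_zone)] += 1
    # Every work zone needs at least one employee in every shift, which also
    # guarantees that every shift has at least one employee.
    for shift in SHIFTS:
        for zone in ZONES:
            if staffed[(shift, zone)] == 0:
                errors.append(f"{shift}/{zone}: no employee allocated")
    return errors


def sample_roster():
    """Constructed sample: one employee per shift/zone pair, plus one on leave."""
    pairs = [(s, z) for s in SHIFTS for z in ZONES]
    roster = [Employee(f"E{i:02d}", shift=s, work_zone=z)
              for i, (s, z) in enumerate(pairs)]
    roster.append(Employee("E99", on_leave=True))
    return roster


if __name__ == "__main__":
    print(validate_roster(sample_roster()))
```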
State Transition Network (STN) for the daily operation of the attendance
management part of the software is as follows:
A STN is a diagram that
is made for a set of data and charts the flow of data from specific
data points called states or nodes.
In automata theory and sequential
a state transition table is
a table showing what state (or states in the case of a nondeterministic
a finite semi automaton or finite
state machine will
move to, based on the current state and other inputs. A state table is
essentially a truth table in which some of the
inputs are the current state, and the outputs include the next state, along
with other outputs.
A state table is one of many ways to
specify a state machine, other ways being a state
and a characteristic equation.
the likely inputs to the device are numbered across the columns of the table.
All the possible states are numbered across the rows.
It is possible to draw a state
the table. A structure of easy to follow steps is given below:
1. Draw circles to signify the
2. For each of the states, test across
the matching row and draw an arrow to the target state(s). There can be
multiple arrows for an input character if the automaton is an NFA.
3. Designate a state as
the start state. The start state is given in
the formal definition of the automaton.
4. Designate one or more states
as accept state. This is also given in the
The above diagram is drawn
based on the given criteria in the case study.
1. The starting state is when the employee enters the company first and the finish state is when the employee leaves finally for the day.
2. The attendance system is electronic and the employees have to tap their card on the card reader to register their entry and exit from the company.
3. Once the employee taps, an entry is made in a database table; this entry can be called ‘Employee In’.
4. If the employee taps a second time the database entry is ‘Employee Out’.
5. An employee can tap in and out multiple times during the work hours of 9 am to 5 pm. The final exit for the day is considered at 5 pm and total hours worked is calculated from the first tap to the last tap before or at 5 pm.
6. If an employee has a gap of more than 1 hr between a tap in and out, they are reported to the HR.
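
The criteria above can be written as a state transition table and run over a day's card taps. This Python sketch is an added example, not part of the original assignment; the state and input names, the sample taps, and the reading of the one-hour rule as time away between an 'Employee Out' and the next 'Employee In' are assumptions.

```python
from datetime import datetime, timedelta

FMT = "%H:%M"
CLOSE = datetime.strptime("17:00", FMT)   # final exit is considered at 5 pm
MAX_AWAY = timedelta(hours=1)             # longer absences are reported to HR

# State transition table: (current state, input) -> next state
TRANSITIONS = {
    ("Start", "tap"): "Employee In",
    ("Employee In", "tap"): "Employee Out",
    ("Employee Out", "tap"): "Employee In",
    ("Employee In", "close"): "Finish",
    ("Employee Out", "close"): "Finish",
}


def process_day(taps):
    """Run one employee's card taps (zero-padded HH:MM strings) through the network."""
    state, log, report_hr, last_out = "Start", [], False, None
    for raw in sorted(taps):
        when = datetime.strptime(raw, FMT)
        if when > CLOSE:
            break                          # taps after 5 pm are not counted
        state = TRANSITIONS[(state, "tap")]
        log.append((raw, state))           # the row written to the database table
        if state == "Employee Out":
            last_out = when
        elif last_out is not None and when - last_out > MAX_AWAY:
            report_hr = True               # assumption: gap = time between Out and next In
    state_at_close = state
    if log:                                # an employee who never tapped stays in "Start"
        state = TRANSITIONS[(state, "close")]
    first = datetime.strptime(log[0][0], FMT) if log else CLOSE
    last = datetime.strptime(log[-1][0], FMT) if log else CLOSE
    return {
        "log": log,
        "minutes_worked": int((last - first).total_seconds() // 60),
        "report_hr": report_hr,
        "state_at_close": state_at_close,
        "final_state": state,
    }


# Constructed sample taps, not data from the case study.
LATE_LUNCH = ["09:05", "12:00", "13:30", "16:45"]
FORGOT_TO_TAP_OUT = ["09:00", "12:00", "12:45", "17:30"]

if __name__ == "__main__":
    for taps in (LATE_LUNCH, FORGOT_TO_TAP_OUT):
        print(process_day(taps))
```

A `state_at_close` of "Employee In" marks a day with no matching exit tap, which is worth reviewing because the hours are then measured only up to the last recorded tap.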
Abhijit Chakraborty, M. K. (2012). The Role of Requirement Engineering in Software Development Life Cycle. Journal of Emerging Trends in Computing and Information Sciences, 7.
(2013, 5 July). Waterfall vs. Agile: Which is the Right Development Methodology for Your Project? Retrieved Jan 10, 2018, from
Renfroe, P. a. (2002). THREAT / VULNERABILITY ASSESSMENTS AND RISK ANALYSIS. Washington: Applied Research Associate.
(2016, Dec 21). What are the major differences between HLD, DLD, LLD? Retrieved Jan 10, 2018, from Informatica: www.network.informatica.com
(2017, Nov 14). How Threat Models are crucial to secure the Software Development Process. Secure software development, p. 2.