Abstract
This project plan is about proposing and developing a new password visualization and authentication system for the “DataBank” service of the Datamatix, a leading knowledge provider in UAE. This project also intends to provide guideline for users regarding strong password selection. This project plan describes in detail the project scope, the project acceptance criteria, the project deliverables, the project constraints, the project assumption and exclusions. This project plan report also discusses, time management, cost management and risk management besides the work breakdown structure of the entire project. At the end of the project a small discussion section is also added for team members to be aware of the project requirements.
Introduction
The rise of the internet has resulted in the increase used of computers at a large scale and in almost every aspect of life. Nearly every task has been replaced by a computer, interconnected, making it easier to perform even those tasks that were once difficult. This widespread use of computer and the internet, while easing everyday life also caused some major problems. One of these problems that are specifically related to the internet is the security and privacy of the information or data spread across the internet. The key object, that is still widely used for restricting the unauthorized access, is passwords. These small sets of characters are designed to secure the information and the system and are the key responsibility of the user. Despite this clear truth, a lot of people still consider it to be a corporate responsibility (Cole, 2002) and are right to some extent. Organizations are actually the ones that are responsible for ensuring that their infrastructure is so secure that it can stand off any security breaches or attacks (Shah and Mehtre, 2014). In order to provide that level of security, they have to take key measures and develop strong guidelines regarding unauthorized access.
Datamatix is one of the leading global knowledge providing a group of the world having more than thirty years of experience. Besides providing the training and education to the individual organization in order to make them excel in their business, the group also provides them with IT solutions. One of the IT services provided by Datamatix group is the “Data Bank”, a secure online place for the information and data for different client groups and firms. The information given by the Datamatix about their “Data Bank” service, the security of the data stored at their servers is one of the primary aspects of their data privacy policy (“DataBank”, 2019). But since passwords play an important role in the security of any electronic information and data, the need for password visualization and authentication is importantly required. This paper is therefore proposed a systematic plan for is to identify the weaknesses in the “Data Bank” service of the Datamatix and provide solutions for them, especially in terms of passwords.
Client Requirements and Meetings
The key purpose of any project is to accomplish the aims and objectives of the project that are based on client requirements. The requirements actually help in better understanding of the project itself and are a crucial part of any project management plan. Since the key client or stakeholder of this project is Datamatix, the identification and understanding their need is therefore required. The best method for identifying and understanding the basic needs and requirements of the client is to ask them by having a direct meeting with them (Sharma, 2013).
Client and Team Meetings
There will be multiple meeting between the team members and with the clients. The very first meeting will be with the client, i.e. Authorities of Datamatix, especially the ones managing the “DataBank” service. This meeting will help in understanding the actual objectives of the project, their budget and the time span they have. The second meeting will be a team meeting, intended to understand that minutes of the first client meeting and to develop a strategy for the project execution. This meeting will also act as the task distribution platform. The third meeting will again be with team members, it will be held after the thorough study of the current system of the “DataBank” and the preparation of the report on the needs of the project. It will act as the actual project planning team meeting. A fourth meeting will also be conducted but this time it will be a client meeting discussing the client’s perspective on the proposed project plan discussed earlier in the third meeting. The final and the last meeting will be a team meeting that will be conducted at the end of the project to wind up all the things and to discuss the project success.
Client Requirements
Some of the key client requirements that are identified so far against their objective and policies are as follows:
Requirements | Description | Priority |
In-depth analysis of the current security system of “DataBank” | The key aim and objective of this project are to identify any loopholes in the security of the “DataBank” especially the one that is related to the passwords, therefore an in-depth analysis of the current password visualization system of “DataBank” is needed. | Very High |
Provide alternative password visualization and authentication system | Not only to identify the loopholes in the security system of “DataBank” but also to provide them with a solution of alternative password visualization and authentication system that can help them in maintaining their services as per their policies. | Very High |
Setting up guidelines for users | Since securing the passwords are not only the responsibility of organizations but also the key duty of users, therefore describing a guideline for setting up an unbreakable password is a key requirement | High |
Cost and time management | Cost and time are two must have consideration of a successful project therefore timely and on budget completion of the project is required | Moderate |
Stakeholder Perspectives
The key stakeholder of this project is Datamatix, one of the industry’s leading knowledge provider (“Datamatix – The Power of Trust”, 2019), the project objectives and requirements revolves around them. Besides them there are some other stakeholders as well, such as users and the team members of “DataBank” and since their perspective is also of equal importance (Cekic, Surlan & Kosic, 2017) therefore an understanding of the project in terms of their standpoint is also required.
The users of “DataBank” will certainly find this project, a great help in their use if the project gives them easy understanding and integration of the newly proposed password visualization and authentication system. The will certainly feel more secure if they find the new proposed system up to the industry standards. The team members will, on other hand find this project as a success if and only if they do not need to restructure all the other security measures.
Project Scope
The set of definitions of the steps taken during a project, that may include all of the functions and objectives of the final product or service are defined as the project scope. These set of definitions provide a detailed overview of what a project is all about and therefore are of great importance. The key definitions of these functions of this project are as follows:
Description of the Project Scope
This project is designed to highlight the importance of password visualization and authentication for creating a secure system. And to establish the guidelines about the complex password creation and the use of them. The project will also discuss different visualization techniques used for the password assumption especially the ones that are complex in nature. These password visualization techniques may be of different types such as hash visualization, image grid visualization and so on.
- The scope of this password visualization and authentication project has a wide area of coverage. The objectives and aims that are included in this project are as follows:
- The identification of the current security state of the system of the “Data Bank”.
- The identification of the password strength through different tools of visualization.
- The delivery of the guidelines for strong and more secure passwords.
- The selection of the most suitable password authentication and visualization solution for the Datamatix.
Acceptance Criteria
The success of any project depends on the accomplishment of the project objectives, in time and in cost completion of the project (Anderson, Molenaar and Schexnayder, 2007). The success criteria of the projectare, therefore, act as the acceptance criteria of the project. The acceptance criteria of this project are therefore related to the successful identification of the risks and the target of the project that can only be achieved through the constant studying and monitoring of the project and is all about achieving a strong password authentication and visualization system for the “Data Bank” of the Datamatix. Besides this, the project is required to be cost-effective in nature as is already discussed that passwords are the most cost-efficient and key aspects of the security. The criteria for acceptance of this project is based on the fulfilment of the following requirements.
- Developed a strong password visualization system for the authentication system of the “Data Bank”.
- Will reduced the cost and time spent by Datamatix on the security measures taken by them.
- Help the organization in establishing its privacy policy and in achieving the “Datamatix 2020” strategy.
- Develop a guideline and motivate the users to use complex and strong passwords.
Project Deliverables
Demonstrable as well as physical results or outcomes that belongs to product or project type (Marchewka, 2015) and are crucial for both client and team members are defined as the project deliverables. The project deliverables for this project are as follows:
- Identification report of the current security situation of the system of the “DataBank”, especially in terms of the password security.
- Selection and proposing of a valid modern password visualization and authentication technique for the “DataBank”.
- Setting up of the guideline for providing the most strong passwords that are non-vulnerable to current cyber attack techniques.
Project Exclusions
In order to describe the non-deliverable items or results of the project, project exclusions are added in the project plan. They clearly describe, what the project team is not going to and not bound to deliver. The project exclusions for this password visualization and authentication project are:
- Any services, other than password visualization, such as securing the database.
- Any training to users for setting up strong passwords besides the written guideline.
- Any services related to or extended to hacking or finding loopholes or vulnerability in the overall system
- Any services related to legal aspects of data breach and privacy.
Project Constraints
Limitations or constraints are other aspects of the project. Since this password is about password visualization and authentication hence a lot of limitations are associated with this project. The projects lack the development of a completely new authentication system along with the signup. This projects also have constraints of not discussing the current trends in password cracking and what countermeasures should be taken, i.e. setting up IP-detector, antiviruses, account lockout mechanism, automatic log out and use of password tokens (Han, Wong and Chao, 2014).
Project Assumptions
The assumption made for this project is that Datamatix will be providing the related access and information to the researchers, as and when needed. The company and its employees will also help in creating an environment, friendly and healthy enough to be supportive in nature for the bringing up of the projects and acquiring the objectives of the project as mentioned earlier. No steps or activities that may result in the alteration of the results of the project or that can delay the project itself must not be taken by the organization during the project phase.
Work Breakdown Structure (WBS)
The best method for organizing or starting a project is to draw the outline of what is going to be done. WBS or work breakdown structure is an informal list of project activities (Haugan, 2001). A brief work breakdown structure of this project, that has five major phases, is as follows:
- Start of the Project
- Team selection for the project
- Distribution of the responsibilities of the project
- Identification of the current password system of the “DataBank”
- Preparation of the report for further discussion with the client
- Planning Phase
- Meeting with client to identify their need and requirements
- Identification of risks associated with the project
- Discussion of the budget and other legal circumstances
- Development of actual project plan
- Development Phase
- Studying different password visualization and authentication techniques
- Identifying and in-depth analysis of the user’s behaviour in terms of password selection
- Development of customised password visualisation technique for “DataBank”
- Implementation Phase
- Setting up the newly developed password visualisation and authentication system
- Performing test and analysis (password cracking) to identify any loop holes
- Eradicating any observed vulnerabilities
- Finalising of the Project
- Handling over the system to the Datamatix team
- Preparation of the guideline for strong password selection
- Preparation of a final report for client and stakeholders
- Closing meeting of the project.
WBS Dictionary
WBS Element | Element Description |
Start of the Project | All the functions and activities that are needed prior to the opening of a project will be part of this phase. From the selection of the team members to the distribution of their responsibilities and from identification of the current state of the system to the preparation of the pre-project report for the client all crucial activities will be addressed here in this phase. |
Planning Phase | As the name suggests the actual planning that is related to either time or cost or to the risk will be done in this phase. Meetings with clients and actual preparation of the project plan report will also be part of this phase. |
Development Phase | Actual development of the password visualization and authentication technique based on the analysis of the trends of the user passwords and literature is the key activity of this phase. |
Implementation Phase | Setting up and finalising of the password visualization and authentication technique will be done in the implementation phase. |
Finalising of the Project | Winding up of the project by having the last meeting with clients and providing them with the final report and the guidelines developed for the users of “DataBank” so that they can have strong passwords will be the part of the final stage of the project. |
Time Management
Time and cost are two basic criteria of project success and are therefore the part of almost every other project plan (Bouvrie, 2016). This project spans almost two months starting from the 28th February of 2019 to 30th April 2019. This long enough time period for this project is designed in order to maintain the quality and privacy of the final outcomes of the project. A short timeline for the project in terms of its milestones and deliverables is as follows:
Milestones and Deliverables | ||
Milestones | Deliverables | Expected Date |
Distribution of the responsibilities of the project team | 28th Feb 2019 | |
Study of the current security system of the Data Bank | 2nd Mar 2019 | |
Report on the current situation of the security infrastructure | 9th Mar 2019 | |
Development of the project plan and team meets. | 16th Mar 2019 | |
Final discussion with the organizational members about the project | 23rd Mar 2019 | |
Actual development of the password authentication system | 30th Mar 2019 | |
Delivery of the password visualization and authentication system | 13th Apr 2019 | |
Delivery of the guideline and policy for complex and strong password creation | 20th Apr 2019 | |
Final report submission | 27th Apr 2019 | |
The final meeting of the project | 30th Apr 2019 |
A simple Gantt chart representation of the time span for the project phases is as follows:
Weeks | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 |
Starting Phase | |||||||||||
Planning | |||||||||||
Development | |||||||||||
Implementation | |||||||||||
Final Phase |
Cost Management
Cost alongside time is another integral part of project success. The cost of this project is what defines the success criteria as it is one of the requirements of the client. The best way to maintain the cost is the in-depth review of the literature before developing actual password visualisation and authentication technique. A summary of the possible cost distribution of different phase of the project, that is around AED 5000, is given below:
Phase | Overall Estimated Cost | Description |
Starting Phase | AED 750 | Meetings, Literature Reviews, Identification of the Current System |
Planning Phase | AED 500 | Project Plan, Risk Identification, Meeting |
Development Phase | AED 3000 | Developers, Analysis of current trends in passwords, Hackers, and testers |
Implementation Phase | AED 1000 | Developer for setting and cross checking |
Final Phase | AED 750 | Meeting, Guideline development |
Risk Management Plan
The actual time to identify the risk is before the final submission of the project plan (Uhlig, 2012). Since this project is intended to develop a new password visualization and authentication technique for an existing system, therefore, multiple types of risks are associated with it. Some of these risks, along with there level of severity and mitigation are as follows:
Risk Identified | Risk Mitigation | Risk Level | Risk Severity |
Leakage of passwords | Since the project is all about passwords and has a phase for analysing the current password trends, therefore there is a great chance of passwords leakage.
Proper security measures and the selection of highly reliable team members is the only solution for this risk |
Very High | 9 |
Security breach or breakage of the current system | In order to avoid any damage to the current system highly trained professionals alongside the team members of Datamatix will be appointed for the tasks | High | 7 |
The rise of legal and ethical issues related to privacy policy | In a detailed analysis of the privacy policy of the company and the laws governing the jurisdiction before performing any activities is required to avoid and legal and ethical issues. | Moderate | 5 |
Discussion and Reflection
Although, passwords are the most widely used security barrier at the same time are the most breached ones, despite the fact that every system requires hard to crack the password to be set. Several alternative techniques have been so far developed in order to minimize the password lost (Schweitzer et al., 2009). This project plan describes the step by step process for defining and developing a new password visualization and authentication technique for the region’s leading knowledge providing organization, Datamatix. The project has both benefits and cons associated with it. In order to make this project a success, team members of this project are required to have specific knowledge.
Proper identification of the current system and the client’s need besides the recent trends in both password visualization and authentication techniques and password cracking techniques are needed. The team members are also required to be ethically reliable for avoiding any privacy issues such as data theft and misuse. Team members also required to have sound knowledge of project management i.e. identification and mitigation of risks, time and cost management and objective accomplishment to make this project a successful one.
References
Anderson, S., Molenaar, K. and Schexnayder, C. (2007). Guidance for cost estimation and management for highway projects during planning, programming, and preconstruction. Washington, D.C.: Transportation Research Board.
Bouvrie, C. (2016). Cost Management Explained in 4 Steps. [online] Cost Management. Available at: http://www.costmanagement.eu/blog-article/198-cost-management-explained-in-4-steps [Accessed 10 Feb. 2019].
Cekic, Z., Surlan, N., & Kosic, T. (2017). Value Perspective of Project Stakeholders. IOP Conference Series: Materials Science And Engineering, 262, 012078.
Cole, E. (2002). Hackers beware. Indianapolis, Ind.: New Riders.
DataBank. (2019). Retrieved from http://datamatixgroup.com/Services/DataBank.aspx
Datamatix – The Power of Trust. (2019). Retrieved from http://datamatixgroup.com/Profile.aspx
Han, A., Wong, D. and Chao, L. (2014). Password Cracking and Countermeasures in Computer Security: A Survey. Amsterdam: University of Amsterdam.
Haugan, G. (2001). Effective Work Breakdown Structures. Management Concepts Press.
Marchewka, J. (2015). Information Technology Project Management. 5th ed. John Wiley & Sons.
Schweitzer, D., Boleng, J., Hughes, C. and Murphy, L. (2009). Visualizing keyboard pattern passwords. 2009 6th International Workshop on Visualization for Cyber Security.
Shah, S. and Mehtre, B. (2014). An overview of vulnerability assessment and penetration testing techniques. Journal of Computer Virology and Hacking Techniques, 11(1), pp.27-49.
Sharma, G. (2013). 7 Best Practices For Building Client Relationships. Retrieved from https://www.forbes.com/sites/gaurisharma/2013/10/04/7-best-practices-for-building-client-relationships
Uhlig, S. (2012). Federal construction contracting made easy. Tysons Corner, Va.: Management Concepts.