PRCO204HK
INTEGRATING
PROJECT
20 CREDIT MODULE / 100% COURSEWORK SUBMISSION
LOCAL TUTOR: DR. IVY WONG
MODULE AIMS
The module aims to develop skills in team working and managing a substantial project. The students will utilise and extend the knowledge and understanding gained during the modules previously studied in their course specific material and work on a more extensive scenario than they would have had the opportunity to work with so far. The project will also help the students contextualise the material already covered, as well as to investigate new content.
ASSESSED LEARNING OUTCOMES (ALO):
1. Work as part of a team in identifying, analysing, proposing and documenting a solution to a specific problem appropriate to the degree and/or field of study.
2. Implement an effective solution using appropriate techniques, technologies and processes accounting for any appropriate legal, social and ethical constraints.
3. Evaluate and reflect upon the suitability of the solution to the given problem.
LAST UPDATE: March 16, 2020
SEC203HK SECURITY INTEGRATING PROJECT
1
OVERVIEW
PRCO204HK – Integrating Project is a second semester module that provides you with the opportunity to apply your knowledge and skills of to a real-world problem. This is the application of technology to solve a problem where you make use of your previous learning (hardware/software, interaction design as appropriate) and apply it to a problem relevant to your degree (security related problem).
You are required to work in a team environment, using agile project management to deliver a technical solution with some complexity. This module serves as an integrating project bringing together the various aspects of software engineering, database design, hardware or subject specific learning encountered in your course so far. The module is complimented by shared topics delivered by Computing and Computer Science staff such as Agile project management and team working, requirements planning, security and usability.
MODULE DELIVERY
At the beginning there are a few lectures delivered by academic staff. These are: Agile project management and team expectations, non-functional requirements, security, and human computer interaction. The specific details are shown below in the schedule of important dates and deliverables.
For the rest of the time you are expected to work independently in teams, following agile principles, using online project management tools for an iterative production to solve your chosen problem area. Teams have to present and deliver a progress update and technical demo. The appropriate lab spaces have been booked for 3 hours for you to make use of. It is in these lab spaces that staff will drop in if required.
Team Working
This module will provide you with the opportunity to develop technological solutions in a team-based environment. You will be required to engage with typical team processes through all stages of the project. The teams will hold weekly planning meetings during the workshop and module staff are on hand if there is a need to help facilitate and guide these team processes. Teams will follow an agile methodology called Scrumban. The team project management tool must reflect the methodology used and task allocation and delivery should be clearly documented.
SEC203HK SECURITY INTEGRATING PROJECT
2
Team Roles
You are expected to have primary and secondary roles and responsibilities. You must take on a primary role with the team, also be counted as a developer and have secondary roles as agreed within the team during the initial team set up. Primary Roles as per the Agile methodology are described below:
Primary Role
Responsibility
Product
Owner
Communication with client, gather requirements and complete needs analysis, plan and
document usability testing, prepare presentations.
Scrum
Master
Project management, lead weekly scrums, populate project backlog and collate formal
documentation
Technical
Lead
Version Control, manage repo; branches/comments, design patterns, code base, prioritise project backlog, plan sprints.
Red Hat
Tester
Be the red hat tester to test the vulnerability of the product
Team allocation
You must be in a team of 4.
Project Scenarios
CIS students are to create a software project with an emphasis on security. The software must have at least some of the following: (1) user-input that changes behaviour of software. (2) important data in storage or in transit and/or (3) key communications between software components. The details of the project scenarios is provided at the section APPLICATION. Each group has to work on the assigned scenario.
Module Deadlines & Deliverables
This module operates in a different way from other modules taken so far. Instead of submitting work and getting a mark for that piece of work, you will be submitting materials on a rolling basis and getting feedback. This way you can improve your work and ensure that the overall result is the best that it can be. Therefore, you must make the most of the opportunities provided.
SEC203HK SECURITY INTEGRATING PROJECT
3
ASSESSMENT
The assignment includes group and individual deliverables. While you will be working in a team towards a common goal, your final marks for the project are based on individual contribution, performance in your agreed roles and integrity of the team processes. You will take individual responsibility for leading and/or documenting these processes. Success of the project element is dependent on overall team effectiveness.
The assessment is divided into two parts, Practice 30% and Coursework 70%.
PRACTICE 01 (P1W1) – PRACTICE PORTFOLIO 30% DESCRIPTION
1. Presentation 50%:
As a group you are required to demo your solution. You are to discuss your approach, articulate your development processes and present an evaluation of your provided solution.
2. Project Management Review 50%
Submit one PDF document from the group detailing an evaluation of your project management approach. You must discuss your application of agile, provide supporting evidence of your approach (See below).
Supporting Evidence
To evidence your team’s engagement with the development process, you are required to document key ‘agile artifacts’. Your project documentation will depend primarily on the type of client that you choose to work with. However, there are some tangible artifacts that will form the basis of every project. You will be expected to deliver the following:
• Product roadmap
Review the examples on Roadmunk or Aha and produce a suitable roadmap for your client project!
• Product backlog
Show your project management tool with full product backlog demonstrating who is implementing what.
• Sprints
Show evidence of how you plan sprints eg; weekly scrum board or dedicated cards on management.
• Release plan
What will you deliver to the client and when, what features will be active, summary of release planning here.
• Summary notes of group meetings
Show evidence of team communication, documentation of HCI feedback, interim reviews, planning activities.
• Minutes of official meetings with clients
Show evidence of client communication, what is your agreed method with your client.
• Prototype software
Functional prototype demonstrating core functionality and features implemented.
SEC203HK SECURITY INTEGRATING PROJECT
4
• List of software bugs and vulnerabilities
Particularly for CIS teams, a list of found software bugs and vulnerabilities, their outcomes, a rank of their risk to the software, and patches/solutions applied to mitigate risk.
The final submission requires you to represent your agile artifacts in a PDF document including a representative screenshot of each tool used and active links to the teams live online management, planning and version control. This document will be uploaded as part of the P1 submission
Throughout the module you will have panel reviews and progress meetings with the module team. You are expected to take notes from these events, plan accordingly and to include these notes/actions with the final submission.
These meetings will take up to 15 minutes per team and aim to allow you to prove that your progress is satisfactory and to improve your personal professional skills through panel sessions. Include a completed submission template with screenshot of and links to ‘tangible artifacts’ and copy of team presentation highlighting your individual contribution in addition to your individual report
COURSEWORK 01 (C1W1) – PROJECT PORTFOLIO 70%
The project portfolio comprises a number of deliverables to provide evidence for the marking criteria.
DESCRIPTION
1. Individual Report 30%:
This report is where you bring closure to the project for yourself. You are to reflect on the project in its entirety, your own position in the team, and the activities that you carried out. Approximately 2,000 words.
2. Group Portfolio for Product 70%:
Submit one PDF file to the module DLE page containing your Solution Portfolio Document. This document must contain the following sections in addition to an Introduction and Conclusion section:
• Background : tell the reader why the project was important, critique the background to the problem/situation and justify the materials/technologies used.
• Communication : Discuss the communication plan for the project, evaluate the implementation of the plan and discuss a review. Include a link to the weekly minutes from the team (and client if appropriate) meetings.
• Implementation : Include the link to your Git repository link for your application and describe the technical solution provided. Your description should also refer to agile artifacts (product vision, sprint plans, UML diagrams etc) contained in the repository and your planning board (trello or equivalent).
• Legal, social, ethical and professional : Discuss any relevant LSEP issues.
In addition to your Solution Portfolio document, your Git Repository prototype page should contain the following:
• Linked YouTube video (of the solution in use)
• Screenshots of the solution
• Summary Solution fact sheet
Your git repository must contain all of your source code and documentation.
SEC203HK SECURITY INTEGRATING PROJECT
5
APPLICATION
Functional Requirements
Each team will be assigned to one of the following scenarios.
Scenario A: Hospitality Industry
The application is for the hospitality industry. Hotel booking involves sensitive customer information in general. The aim is to build an information that supports hotel booking (e.g., check-in date, check-out date, room type, number of guest). There is a lot more to the application but these are the initial user stories that would create a minimum viable product in the initial sprints.
1. As a customer, I wish to book a hotel room through the system.
2. As a customer, I wish to send enquiry to the hotel.
3. As the management team of the hotel, I wish to control the room booking request/changes.
4. As the management team of the hotel, I wish to handle customer enquiry.
5. As the management team of the hotel, I wish the payment can be done through the system.
Scenario B: Airline Industry
The application is for an airline industry. Booking and managing flights involves sensitive customer information in general. The aim is to build an information that supports flight booking (e.g., start, destination, time, seats, luggage). There is a lot more to the application but these are the initial user stories that would create a minimum viable product in the initial sprints.
1. As a customer, I wish to book a flight ticket through the system.
2. As a customer, I wish to send enquiry to the flight ternary.
3. As the management team of the airline company, I wish to control the flight booking request/changes.
4. As the management team of the airline company, I wish to handle customer enquiry.
5. As the management team of the airline company, I wish the payment can be done through the system.
Non-Functional Requirements
Non-functional requirements are characteristics of a system which are not the activities described above. There are a number of different types listed below.
Technical requirements:
Our application is going to be a web-based application. It will run on a web server and be written in a language of your choice. The interface of the management team will be shown via a desktop browser, the interface for the customer however, should be shown via both desktop browser and a mobile phone.
Performance requirements: Response times are not within the scope of this sample application. Usability requirements: The interfaces will conform to accessibility rules as per the W3 validator.
Reliability requirements: These are outside of the scope of the application but students should have an idea on the network setup.
Security requirements: Since the students are major in the field of security, this is the most important part for the students to determine the security requirements and perform corresponding test and analysis.
SEC203HK SECURITY INTEGRATING PROJECT
6
SEC203HK SECURITY INTEGRATING PROJECT
7
SCHEDULE
Element Description
Lecture: Introduction, Agile Project Management Lecture: Importance of non-functional requirements,
requirements engineering.
Initial Team Meeting
Initial Team Presentation
A 10 minute presentation to be delivered by all members of the team explaining product vision, roadmap and risk analysis.
Lecture: HCI, HCI Usability Study
Interim Review – Considers the progress of the project. 10 minute presentation that critiques your product goals, backlog, achieved sprints and planned sprints. (Panel Format)
Team Meeting
Team Meeting
Interim Review – Considers the progress of the project. 10 minute presentation that critiques your product goals, backlog, achieved sprints and planned sprints. (Panel Format)
Team Meeting
Team Meeting
Interim Review – Considers the progress of the project. 10 minute presentation that critiques your product goals, backlog, achieved sprints and planned sprints. (Panel Format)
P1/W1 Submission: Project Management Review
C1/W1 Submission: Final Individual Report. DLE Submission of all materials. Submission of Git repository and hosted files.
P1/W1 Final Team presentation of project development process and outcomes
Date %
2020-02-11 2020-02-18
2020-02-25 2020-03-03
2020-03-10 2020-03-17
2020-03-31 2020-04-07
2020-04-21 2020-05-05
2020-05-19 15%
2020-05-26
(No Lesson, Submission 70% only)
2020-06-02, 2020-06-03
2020-03-24
2020-04-14
15%
SEC203HK SECURITY INTEGRATING PROJECT
8
Marking Rubric
FAIL
Pass 40-50
OK 50-60
Good 60 -70
Excellent 70 +
PRACTICE – 30 %
The following categories account for this section of the marking criteria. The different elements within the category may be weighted differently depending on the nature of the project.
Project Management
No / sporadic submissions provided at required points
Submissions provided when instructed. Weak sprint/work plans, backlog sparse, some element of control evident for the project.
As Pass and additionally: Submissions have meaningful content. Evidence of sprint/work reviews provided. Project Management seen in implementation but has room for improvement.
As OK and additionally:
Sprint/work reviews/retrospectives meaningful. Risks identified appropriately and managed effectively. Release plans show MVP and implementation matches.
As Good and additionally:
Project management throughout excellent. No deviations as a result of mis-management. Quality criteria clearly defined (definition of done clear). All submissions of excellent quality.
Objectives
Not present or too vague.
Objectives are provided but are weak. Objectives do not entirely match final implementation.
As pass and additionally: Objectives were reasonable at start of the project.
As OK and additionally:
Objectives SMART.
Most objectives met in implementation and discussed appropriately in the final report.
As Good and additionally: Objectives critically discussed in the final report, clearly met in all deliverables.
Verification & validation
Not present.
Some verification and/or validation carried out and documented in the final report.
As pass and additionally: A plan for verification and validation was present
As OK and additionally:
Appropriate validation of interim products was carried out during the project to ensure quality expectations and user needs were being met. Methods chosen were appropriate.
As Good and additionally:
Excellent verification and quality control was planned, discussed and justified in the report and carried out to ensure compliance with the requirements and the quality plan.
Approach
PRCO204 LIVE INTEGRATING PROJECT
1
FAIL
Pass 40-50
OK 50-60
Good 60 -70
Excellent 70 +
No consideration given to the approach planned or employed
At the start of the project the project plans were considered appropriate. The final report discusses the intended approach.
As pass and additionally:
Final report discusses the approach planned at a basic level of detail. Scope is indicated in planning documents and/or throughout sprints.
As OK and additionally:
The final report contains an appropriate evaluation of possible approaches (eg: methodologies, tools, processes, technologies). The final report displays appropriate knowledge and/or research of the applicable approaches.
As Good and additionally:
Excellent critique and robust defense provided in the final report regarding the approach taken and the possible alternatives. Discussion in the report matches demonstrated approach taken throughout the project.
COURSEWORK – 70 % : The following categories account for this section of the marking criteria. The different elements within the category may be weighted differently depending on the nature of the project.
Background
No discussion in the final report regarding background to project.
A brief outline of the project is provided in the project vision and final report.
As pass and additionally:
At the start of the project the project vision was considered by the supervisor to be reasonable. The final report introduces the background.
As OK and additionally:
A good discussion and account of the background to the project is provided. This clearly links into the objectives provided.
As Good and additionally:
An excellent critique of the background to the project I provided in the final report. Clear justification provided in the materials as to why the work is of importance.
Communication
Poor communication throughout. Written materials hard to understand
Materials provided by student able to be followed by an expert.
As pass and additionally:
All communications received appropriately.
Final report has an appropriate structure, showcase presentation appropriate and demonstration showed basic understanding of project.
As OK and additionally:
Final report written to a good style and a good standard. Structure, clarity of writing, conciseness, grammar are all considered good.
The final report is within the appropriate word limit boundaries (eg: approaching 10,000 words)
As Good and additionally: Excellent communication skills demonstrated throughout project.
Clear and precise reviews of work provided, clear communications with supervisor, clear and robust discussion provided in the final report.
Final report written in excellent grammatical format, clear and robust discussion. Professional approach to showcase and demonstration provided.
Implementation
PRCO204 LIVE INTEGRATING PROJECT
2
FAIL
Pass 40-50
OK 50-60
Good 60 -70
Excellent 70 +
Not present/very poor implementation that meets too few objectives.
A minimal final deliverable was produced which satisfied some of the core requirements/set objectives.
Code supplied in repository so that marker can access it.
As pass and additionally: Project objectives were demonstrated to have been met.
Repository commits are of a timely manner and not left to immediately before deadlines.
As OK and additionally:
Products identified in initial plan delivered with core characteristics and quality features.
Code supplied where appropriate is of good quality and shown to have been tested.
All deliverables submitted on time
As Good and additionally: Excellent product quality demonstrated in all deliverables.
Legal, Social, Ethical and Professional (LSEP)
Not considered or discussed.
Final report contains some consideration to LSEP.
Project adhered to University Ethics policy and requirements for ethical approval.
As pass and additionally: Final report contains appropriate (retrospective) evaluation/discussion of LSEP issues encountered/relevant to the project.
As OK and additionally:
Evaluation of LSEP issues in final report provides suitable breadth and depth. The discussion utilises appropriate authoritative literature.
LSEP issues identified during the project and factored appropriate into the implementation.
As Good and additionally: Excellent critique and discussion justifies application of LSEP to final project.
Clear LSEP practices demonstrated through implementation and sprints/work packages.
Reflection
Not provided.
Final report contains some form of evaluation of the project objectives.
As pass and additionally: Final report considers objectives with suitable reflection.
The conclusions of the final report contain an appropriate summary.
Lessons learnt and/or alternatives provided.
As OK and additionally:
Final report provides robust, detailed evaluation of the achievement of the project objectives.
A reflective evaluation of the project methods, approaches, technologies etc is provided in the final report.
The evaluations and reflections have some depth.
As Good and additionally: Excellent objective, and robust critique provided regarding achievement of project objectives.
PRCO204 LIVE INTEGRATING PROJECT
3
Marks allocation
Team working can cause concern amongst students. They worry that their marks will be lower if working with people who do not have the same approach to team working than they. To account for this, students must claim their marks using the mark claim grid shown below. This should be added as an appendix in their individual reflection. For each category, evidence must be provided such as hyperlinks to minutes, documents and commits to the repository for the category.
Please record below the % of the category marks being claimed as justified by the evidence provided.
Marking Category
% claimed
Justification/evidence
Final mark
(please leave blank)
Process
– Project
Management
– Objectives
– V&V
– Approach
Product
– Background
– Communications – Implementation – LSEP
Please refer to all the lecture content & further study resources on the DLE.
PRCO204 LIVE INTEGRATING PROJECT
1