Get documents about "CS 4983 - Capstone SPMP
Document Sample
IT Maturity Web-Based Auditing Tool
Software Project Management Plan
Erica Baity ∙ Reginald Gross ∙ William Moore ∙ Randall Wells
Southern Polytechnic State University
Version 0.2
1
REVISION HISTORY
Revision Number Revision Date Reason for Revision
0.1 02/15/11 Baseline Version
0.2 03/26/11 Change to Software Process
Model.
Change to Roles and
Responsibilities.
Addition of NIST SP 800-53.
2
TABLE OF CONTENTS
Revision History......................................................................................................................2
Table of Contents....................................................................................................................3
1 INTRODUCTION.................................................................................................................4
1.1 Project Overview..............................................................................................................4
1.2 Project Scope...................................................................................................................4
1.3 Project Deliverables.........................................................................................................4
2 PROJECT ORGANIZATION...............................................................................................5
2.1 Software Process Model..................................................................................................5
2.2 Roles and Responsibilities...............................................................................................5
2.3 Tools and Techniques.......................................................................................................5
3 PROJECT MANAGEMENT PLAN......................................................................................5
3.1 Project Tasks....................................................................................................................5
3.1.1 Develop IT Maturity Model......................................................................................5
3.1.2 Requirements Development and Engineering........................................................6
3.1.3 Application Design..................................................................................................7
3.1.4 Application Development........................................................................................7
3.1.5 Application Testing..................................................................................................8
3.2 Project Schedule..............................................................................................................8
4 ADDITIONAL MATERIAL....................................................................................................9
5. REFERENCES..................................................................................................................9
3
1. INTRODUCTION
1.1. PROJECT OVERVIEW
The importance of an organized and well structured Information Technology (IT)
department is paramount to the success of an enterprise in the twenty-first century.
Each year an enterprise must address its budget and determine the cost effectiveness
of its departments and all operations within those departments. While ascertaining the
cost effectiveness of certain departments may be routine, determining the cost
effectiveness of an enterprise's IT department may not be an easy task. What we need
is a systematic way to trace an organization's IT processes back to its business goals
to determine if those goals are being met. What is needed are metrics that
demonstrate whether the IT department's policies and procedures are well defined,
adequate, and well-enforced by employees. It is in great need to develop a
measurement tool that can be used to determine the maturity level of an IT department
indicating how well it has been following federal regulations and industry best
practices. This project proposes a solution to this need: The IT Maturity web-based
tool.
This project aims at developing the IT Maturity web-based tool. This is an online
auditing application which will make use of an IT Maturity Model created specifically for
this project that is similar in structure to the Capability Maturity Model (CMM) for
software engineering created at Carnegie Mellon University. The application will be
used by an auditor to evaluate an enterprise's IT department and attribute a maturity
level to it. Once an assessment is done, the application will generate a detailed report
along with corresponding visual representations such as graphs and charts of the IT
section’s performance. Through continued use, an enterprise will be able to create a
detailed history of its IT maturity, illustrating the enterprise's consistency, improvement,
or regression over time. The tool will be designed to be capable of supporting
concurrent users from multiple organizations.
1.2. PROJECT SCOPE
This project's goal is to produce a fully functional web application that fulfills the high-
level requirements defined in the project specification. This goal will be accomplished
through eliciting and defining requirements; designing, programming, and testing the
application; and delivering relevant artifacts. Project development will adhere to a
waterfall software development life cycle and a defined schedule by meeting project
milestones. The final product is to be completed and presented at the end of the Spring
semester of 2011.
1.3. PROJECT DELIVERABLES
Project Deliverables are:
Software Project Management Plan
Software Requirements Specification
Software Design Specification
4
Test Documentation
IT Maturity Model Web-Based Application
2. PROJECT ORGANIZATION
2.1. SOFTWARE PROCESS MODEL
The IT Maturity web-based tool project will follow a standard Waterfall software process
model.
2.2. ROLES AND RESPONSIBLITIES
Each team member is responsible for the overall direction, development, and
completion of the project. Specific team member responsibilities are:
Erica Baity – IT Maturity Model development, SQL programming/development,
requirements elicitation and engineering
Reginald Gross - documentation, requirements elicitation and engineering,
testing
William Moore – IT Maturity Model development, C# and ASP.NET
programming/development
Randy Wells – IT Maturity Model development, C# and ASP.NET
programming/development
2.3. TOOLS AND TECHNIQUES
This project will be developed using C# and ASP.NET for front-end development and
C# and SQL Server 2008 for back-end development. A Windows 2008 production
server will be leveraged to host the application.
3. PROJECT MANAGEMENT PLAN
3.1. PROJECT TASKS
3.1.1. IT MATURITY MODEL DEVELOPMENT
3.1.1.1. DESCRIPTION
The IT Maturity Model being developed for this project will be defined based
upon the framework established in the Control Objectives for Information and
related Technology (CoBIT) document. It will also draw upon NIST standards:
Common Misuse Scoring System (CMSS), Common Configuration Scoring
System (CCSS), and Special Publication 800-53. The approach to developing
the IT Maturity Model is to assemble a list of criteria from the aforementioned
documents that will assess an enterprise's technical, operational, management,
and security maturity. A quantifying system will complement the criteria and
grant a score to each maturity area. Once each area is scored, a cumulative
maturity level is assigned to the enterprise.
5
Before finalization, the IT Maturity Model must meet the approval of Dr. Andy
Wang.
3.1.1.2. DELIVERABLES AND MILESTONES
The completion of this task will result in a fully approved and developed IT
Maturity Model.
3.1.1.3. RESOURCES NEEDED
To develop the IT Maturity Model, our team will need to procure a recent version
of the CoBIT, CMSS, CCSS, and SP 800-53 documents. We will also need the
assistance and guidance of Dr. Wang.
3.1.1.4. DEPENDENCIES AND CONSTRAINTS
The materialization of the IT Maturity Model used in this project is heavily
dependent upon our team attaining a thorough understanding of the concepts
presented in the documents to be read. Our team is also limited to the
information given in those documents.
3.1.1.5. RISKS AND CONTINGENCIES
There is a risk that our team may not fully grasp all the details found in the
CoBIT and NIST documents. This may cause our team to build an incomplete IT
Maturity Model that lacks breadth and depth. To mitigate this risk, our team will
frequently meet with Dr. Wang to ensure that we are well informed and well
guided in our efforts.
3.1.2. REQUIREMENTS ENGINEERING
3.1.2.1 DESCRIPTION
Requirements engineering involves the elicitation, defining, and development of
requirements for the IT Maturity web-based application. The purpose of this task
is to form clear requirements statements that will help to ensure smooth
software development.
3.1.2.2. DELIVERABLES AND MILESTONES
Completion of the task will produce a Software Requirements Specification
document that will contain the results of the requirements engineering efforts.
3.1.2.3. RESOURCES NEEDED
A standard template will be needed to create the Software Requirements
Specification document.
3.1.2.4. DEPENDENCIES AND CONSTRAINTS
Requirements engineering will be highly dependent on the creation of the
maturity model.
3.1.2.5. RISKS AND CONTENGENCIES
6
In requirements engineering, there is the risk of creating incomplete or poorly
defined requirements. To mitigate this risk, our team will need to analyze and
agree on all requirements before implementation. We will also seek assistance
from Dr. Wang when needed.
3.1.3. APPLICATION DESIGN
3.1.3.1. DESCRIPTION
The design task will give structure to the project by defining project components
and constructing the interactions between them. Designing the web-based IT
Maturity application will require a high-level architectural design and an in-depth
detailed design.
3.1.3.2. DELIVERABLES AND MILESTONES
The design stage of the project will produce a Software Design Specification
document which will serve as for the design process. It will also produce a
number of accompanying graphical design diagrams.
3.1.3.3. RESOURCES NEEDED
A standard template will be needed to create the Software Design Specification
document. To create the design documents for our application, our team will
need the use of a graphic design application such as Microsoft Visio.
3.1.3.4. DEPENDENCIES AND CONSTRAINTS
The application must be designed to take the end user into account. This
application is intended to be used by multiple organizations that may or may not
be international and should reflect that.
3.1.3.5. RISKS AND CONTENGENCIES
When designing, our team must be aware that end users will have differing
capabilities, customs, and backgrounds. It would be a risk for our team to design
the tool with one type of end user in mind. The contingency for this is to be
aware of a large audience and attempt to make an application that is sensitive to
user differences.
3.1.4. APPLICATION DEVELOPMENT
3.1.4.1. DESCRIPTION
This task involves the programming and development of the IT Maturity web-
based application and will be accomplished with the use of C#, ASP.NET, and
SQL programming.
3.1.4.2. DELIVERABLES AND MILESTONES
Project code that is fully written and ready for testing will be the primary output
of this task.
3.1.4.3. RESOURCES NEEDED
7
Development of the IT Maturity web-based application will necessitate
knowledge of functional programming concepts. It will also require skill in
database programming and management. In addition, a web server will be
needed to host the web application, hold all accompanying files, and store
database information.
3.1.4.4. DEPENDENCIES AND CONSTRAINTS
Sufficient programming will depend upon the traceability of requirements from
elicitation through the design stage. Well defined requirements will make
programming easier. Our programmers will be constrained by the limitations of
the chosen programming languages but should be able to accomplish the task
nonetheless.
3.1.4.5. RISKS AND CONTENGENCIES
There is a risk of readability and performance issues if poor programming
practices are used. This risk should not be of much concern as our team will
work together to ensure that programming code is cohesive, uniform, and
readable.
3.1.5. APPLICATION TESTING
3.1.5.1. DESCRIPTION
Testing will be done using standard unit, integration, and system testing
methods and will incorporate white-box and black-box testing techniques. As
defects are discovered, they will be noted and corrected. This process will
continue until no defects are able to be found. Successful system testing will
lead to user acceptance testing.
3.1.5.2. DELIVERABLES AND MILESTONES
A test document will be generated and used for the duration of testing. A fully
realized and deliverable application will result from the completion of all testing.
3.1.5.3. RESOURCES NEEDED
A standard template will be needed to create a test document.
3.1.5.4. DEPENDENCIES AND CONSTRAINTS
Testing is completely dependent upon the completion of the preceding software
lifecycle stages. As well, testing is the final stage of monitoring bi-directional
traceability in the project, thus constraining our development to ensure
traceability is achieved.
3.1.5.5. RISKS AND CONTENGENCIES
As the project nears completion, there is a risk that time may cause the testing
phase to be shortened. Maintaining awareness of our project schedule and
adhering to deadlines will be the most effective way of alleviating this risk.
8
3.2. PROJECT SCHEDULE
Date Task Deliverable/Milestone
17 Jan 2011 – 3 Mar 2011 Develop IT Maturity Model IT Maturity Model
3 Mar 2011 – 28 Apr 2011 Requirements Engineering, Software Requirements
Application Design, Specification,
Application Development Software Design
Specification,
Design diagrams
Project Code
14 Apr 2011 - 28 Apr 2011 Testing Testing Documentation
29 Apr 2011 Present Final Product IT Maturity Web-Based Tool
4. ADDITIONAL MATERIAL
N/A
5. REFERENCES
IEEE Std 1058 -1998 IEEE Standard for Software Project Management Plans
9
