Professional Documents
Culture Documents
• Constructive?
Y/N
• Linked to relevant assessment
criteria? Y/N
Give details:
Internal Verifier
Date
signature
Programme Leader
Date
signature (if required)
LO1. Establish project aims, objectives and timeframes based on the chosen theme
LO3. Present the project and communicate appropriate recommendations based on meaningful conclusions
drawn from the evidence findings and/or analysis.
Pass, Merit & Distinction P5 P6 M3
Descripts
LO4. Reflect on the value gained from conducting the project and its usefulness to support sustainable
organisational performance
Pass, Merit & Distinction P7 M4 D2
Descripts
Resubmission Feedback:
Important Points:
1. Check carefully the hand in date and the instructions given with the assignment. Late submissions will not be
accepted.
2. Ensure that you give yourself enough time to complete the assignment by the due date.
3. Don’t leave things such as printing to the last minute – excuses of this nature will not be accepted for failure
to hand in the work on time.
4. You must take responsibility for managing your own time effectively.
5. If you are unable to hand in your assignment on time and have valid reasons such as illness, you may apply (in
writing) for an extension.
6. Failure to achieve at least a PASS grade will result in a REFERRAL grade being given.
7. Non-submission of work without valid reasons will lead to an automatic REFERRAL. You will then be asked to
complete an alternative assignment.
8. Take great care that if you use other people’s work or ideas in your assignment, you properly reference them,
using the HARVARD referencing system, in you text and any bibliography, otherwise you may be guilty of
plagiarism.
9. If you are caught plagiarising you could have your grade reduced to A REFERRAL or at worst you could be
excluded from the course.
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present it as my own
without attributing the sources in the correct way. I further understand what it means to copy another’s work.
Ramanlakshan1995@gmail.com
Student’s Signature: Date: 31.12.2020
(Provide E-mail ID) (Provide Submission Date)
Unit Tutor
Issue Date
Submission Date
Submission Format:
The submission is in the form of an individual written report. This should be written in a concise, formal
business style using single spacing and font size 12. You are required to make use of headings, paragraphs
and subsections as appropriate, and all work must be supported with research and referenced using the
Harvard referencing system. Please also provide an end list of references using the Harvard referencing
system.
LO1 Establish project aims, objectives and timeframes based on the chosen theme.
LO2 Conduct small-scale research, information gathering and data collection to generate knowledge to
support the project.
LO3 Present the project and communicate appropriate recommendations based on meaningful
conclusions drawn from the evidence findings and/or analysis.
LO4 Reflect on the value gained from conducting the project and its usefulness to support sustainable
organizational performance.
Management Information Systems (MIS) plays a very important role in today’s organizations; it creates
an impact on the organization’s functions, performance and productivity. A Management Information
System (MIS) ensures that an appropriate data is collected from the various sources, processed and send
further to all the needy destinations. A system is expected to fulfill the information needs of an individual,
a group of individuals, management functionaries, managers and top management to improve efficiency
and productivity.
On contrary, any system can be compromised with vulnerability issues. This is mostly in area of
confidentiality, integrity and availability (security triangle).
You’re advised to provide solutions for improvements for a selected Management Information System’s in
a selected organization in the area of how to improve aspects of confidentiality, integrity and availability
(security triangle) through a vulnerability study assessment.
You should investigate the causes and impacts of vulnerabilities within computing systems and explore the
solutions to the problems presented in order to make recommendations to improve their security for
Management Information System. The expected solution of the project is a vulnerability assessment and
action plan which includes, issues of varying severity.
In general, the vulnerability assessment may focus on a test of security infrastructure devices, network
servers, operational systems (including Windows and Linux), physical security of buildings, and wireless
internet security. You have to mainly focus on how can vulnerabilities in an existing system be identified
and counteracted.
Discover unknown entry points both physical and electronic – that is threat to the overall
confidentiality, integrity, and availability of network data and resources.
Problem can be discovered in the areas of installing, configuring, and maintaining servers and
infrastructure equipment as well as practices of different department managers and staff tend to have
different ways of managing their IT.
Recommendations for standardization of upcoming infrastructure installations, configurations, and
maintenance.
Educate and increase user awareness on what they could change to improve their security situation
in order to build confidence of using the Management Information System
An action plan to keep their environment secure.
Your role as a student researcher means that you are not trying to perform a specific solution to any
vulnerability problem case. You have to make expert recommendations on how to tighten security
controls, based on a proven assessment methodology, that are in the best interest of the specific project of
Management Information System which may eliminate unnecessary entry points that would greatly reduce
the threat. Introducing of a set of policies and procedures for the entire Management Information System
help eliminate threats through network entry points and infrastructure. The vulnerability trends and
recurring issues that needed careful attention. The project span 03 months in order to provide an accurate
snapshot of their current security posture.
The benefit of the project is that it provides a greater awareness among the entire staff about how any
vulnerability or weakness in any functional area affects the overall security posture of the Management
Information System at large. You are required to provide a full report on vulnerabilities you found and
TASK – 01
1.1 Describe aims and objectives for vulnerability assessment project which you’re introducing. Your
explanation should include a brief introduction about the company, the MIS and other relevant
information to the assessment project.
1.2 Produce a comprehensive project management plan, The plan should include milestone schedule
and project schedule for monitoring and completing the aims and objectives of the project that
includes cost, scope, time, quality, communication, risk and resources management.
1.3 Produce a work breakdown structure and a Gantt Chart to provide timeframes and stages for
completion.
TASK – 02
2.1 Explain qualitative and quantitative research methods appropriate for meeting project aims and
objectives which you produced as vulnerability assessment project.
2.2 Evaluate the project’s management process and appropriate research methodologies applied, the
accuracy and reliability of different research methods applied for the small scale research
TASK – 03
3.1 Analyze research data using appropriate tools and techniques.
3.2 Describe appropriate recommendations as a result of research and data analysis to draw valid and
meaningful conclusions.
3.3 Evaluate the selection of appropriate tools and techniques for accuracy and authenticity to support
and justify recommendations.
TASK – 04
4.1. Provide a reflection on the value of undertaking the research to meet stated objectives with your
own learning and performance which includes a discussion of the project outcomes, its usefulness
to support sustainability of the given organization and its’ performance, the decision-making
process and changes or developments of the initial project management plan to support
justification of recommendations and learning during the project.
4.2. Evaluate the value of the project management process and use of quality research to meet stated
objectives and support own learning and performance
In the accomplishment of the project successfully, I would like to express my thanks to the
people who have helped me most throughout my project. I am grateful to my lecturer Mrs.
Dilini Kumanayake and Miss. Ann Roshanie for nonstop support for the project. Their
assistance and insightful comments, and who willingly shared their expertise with me.
Especially I would like to thanks all Akshaya food city management to given the opportunity
to study their system.
Last but not the least I would like to thank my dearest friends and classmates who have helped
me a lot and made this possible to complete my project with all accurate information.
Figure 1 Vulnerability-assessment-steps
Source: (Vulnerability-assessment-steps, 2020)
Recognizing the issues which can be occur during the practice of different Apartment
managers and staff tend to have different ways of managing it
Recommend solution for identifying issues through a document that list what steps
must be taken in order to mitigate Vulnerabilities and to secure informational
assets.
(Vulnerability Analysis, 2020)
Management Information System (MIS) is mainly designed to take care of the needs of
the managers in the organization.
Management Information System (MIS) helps in integrating the information which are
created by different departments of the organization.
CIA Triangle.
Confidentiality, integrity and availability, also known as the CIA triad, is a security model
which created to guide information security policies within an organization. The three elements
of the CIA triangle are considered the three most crucial components of security.
Integrity: The second component of the triad, integrity assures the sensitive data is
trustworthy and accurate. Trustworthiness, consistency, and accuracy of data should be
maintained over its life cycle. Sensitive data should not be altered in transit, and security
measures, such as file permissions and user access controls, should be taken to make
sure that it can't be changed by unauthorized users. In addition, backups or redundancy
plans should be planned and implemented to restore any affected data in case of an
integrity failure or security breach in order to restore data back to its correct state.
Availability: Availability is that the guarantee of reliable and constant access to your
sensitive data by only authorized people. It is best guaranteed by properly maintaining
all software and hardware necessary to make sure the availability of sensitive data. It’s
also vital to keep up with the system upgrades. Providing adequate communication
throughput and preventing bottleneck helps as well.
(Bashay, 2020)
Project Scope & Deliverables: An overview of the boundaries of the project, and an
outline of how the project will be broken down into measurable deliverables.
Project Schedule: A high-level read of project tasks and milestones (Gantt charts are
handy for this).
Project Resources: The budget, personnel, and other resources required to meet project
goals.
Risk and Issue Management Plan: A list of factors that would derail the project and a
plan for how the problems will be identified, addressed, and controlled.
To identify vulnerabilities that might related with the Order management system.
Project Schedule
Milestone Start Date End Date Status
Company Customers
Risk Analysis
This is the step that access the identified risk and during this step, you will assess the probability
and fallout of each risk to determine which factor should be focus first. Factors such as potential
financial loss to the organization, time lost, and severity of impact all play a part in accurately
analyzing each risk.
Risk Evaluation
In this step you can evaluate or designate the risk by deciding the risk magnitude, which was a
fusion of consequence and likelihood. You can take decisions about whether it is serious
enough to warrant treatment or is the risk acceptable.
Risk Treatment
This is the forth step of risk management process and it is also known as Risk Response
Planning. In this step you evaluate your highest ranked risks and set forth a plan to modify or
treat these risks to attain acceptable risk levels.
Define activities: Identifies the necessary collection of activities and the "Activity List"
is the chief performance.
Sequence Activities: Understand the logical connection between the activities listed
and bring them out. The Schedule Network Diagram is the most significant
performance of this method.
Estimate Activity Resources: Estimate and document the type and amount of
resources needed for each of the specified activities. Action resource specifications and
resource breakdown structure are the key outputs of this approach.
Estimate Activity Durations: This is the method of estimating the time units required
for each activity, depending on the scope of activities. Activity Duration Estimates are
the principal result of this process.
Develop Schedule: The schedule is developed taking into account the outputs of all
previous processes and reaching an optimal combination of dependencies, resources
and durations with a realistic schedule.
Control Schedule: This is the method of monitoring scheduled project status with
respect to planned Schedule. Some of the most important parameters of project
performance are determined, such as variance and schedule performance index.
(What is Time Management?, 2020)
Observations: This is a method where researchers record what they have encountered,
seen or heard in a detailed field notes.
Interviews: This is considered has the most popular qualitative research method where
researchers personally ask a person questions in one-on-one conversations.
Focus groups: This method also consider has most popular in qualitative research
method where researchers ask questions and creating discussion among a limited group
of people.
Secondary research: This method used to gathering existing data in such a form of
video or audio recordings, images, texts etc.
Flexibility: The analysis process and data collection can be convert as into new ideas,
questioning can be adapted in real-time to the nature and quality of information being
accumulated.
Creation of new ideas: Open-ended feedback mean that the researchers can detect
opportunities or problems that they wouldn’t have thought of otherwise.
Unreliability: The real-world setting frequently set the qualitative research has
inconstant because of uncontrolled factors which are affects the data.
Survey Research: In survey research a set of questions would be asked from the
respondents regarding to research. This research method can be done as online surveys,
online polls, paper questioners, web-intercept surveys and etc.
Data on the internet: With any information under any topic are available on the
internet this method has become increasingly easy to perform. Data is accessible online
on most research subjects, which helps to improve the validity of primary quantitative
data as well as show the importance of previously collected data.
Testing and checking can be achieved: Careful experimental design and the ability
for others to reproduce both the test and the findings are required for quantitative
testing. This makes the knowledge you are gathering more credible and less open to
contention.
Straightforward review: The type of results will tell you which statistical measures
are suitable to use when you gather quantitative data. As a result, it is easy to interpret
the data and present those results and less open to error and subjectivity.
Prestige: Since many people don't understand the mathematics involved, research
involving complicated statistics and data analysis is considered useful and impressive.
It may be deceptive: Many people believe that it is more reliable or scientific than
observational, qualitative analysis, since quantitative research is focused on statistics.
Both sorts of analysis, however can be arbitrary and deceptive.
(Quantitative Research, 2020)
I have used both qualitative and qualitative and quantitative research methods to do this
research. On qualitative research method I used individual interview it is used to gain an
understanding of underlying reasons, opinions, and motivations. On quantitative research
method I used questionnaires which produce either numerical data or data that can be put into
categories for example yes or no answers.
1. Interviews
A discussion in which someone tries to get data from another person is an interview. The term
"interview" in common parlance refers to a one-on-one discussion between an interviewee and
an interviewer. The interviewer may take a formal or informal approach, either encouraging
the interviewee to talk openly about a particular issue or asking pre-determined specific
questions. It is often difficult to pay attention to the non-verbal elements of communication and
to recall everything.
Reasons for using interviews in this research:
Interview can be helpful to discover how people think and feel about a subject and why
they hold those views.
Interview can be helpful to address some sensitive topics which in a focus group people
may feel uncomfortable addressing.
Some Interview questions which has been asked from company manager for this
research.
1. Does the organization have a backup server?
2. Does the antivirus software has been installed in data processing servers?
3. Does the stock handling processed on system every day?
4. Do you use fingerprint readers to Keep track of the attendance and time of your
employees?
5. Do you get notified when a new order has been placed on the system?
6. Does a customer get notified if products on the system are out of stock?
7. Can the system show all the details of orders and the payments of customers?
8. Do this system provide a feedback option for the customers to give a feedback after
they receive their products?
Questionnaires can be helpful to find the needs, aspirations, opinions, interests and
desires of users.
Questionnaires are helpful to find user satisfaction with services and collection.
Initiating: The proposal is conceptualized during this phase and feasibility is decided.
Some tasks that should be carried out during this phase, according to the SME Toolkit,
include defining the project objective; defining the scope of the project; identifying the
project manager and key stakeholders; identifying possible risks; and creating an
approximate budget and timetable.
Executing: The project manager will perform the procurement needed for the project
at this stage, as well as staff the team. In addition, the team members would carried out
their own assignments within the given deadline for each activity in order to achieve
the defined targets.
Monitoring and control: In this phase, Project managers will assess the progress of
each task closely to ensure the proper execution of the project. Documentation such as
data collection and verbal and written status reports can usually be used to assess that.
If a change is needed, it will happen at this point.
Closing: The group of closing processes takes place once the project deliverables have
been generated and checked and accepted by the stakeholders. All documentation will
be archived and a final project report will be produced during this process.
(What Are Project Management Processes?, 2020)
Qualitative Analysis
Quantitative Analysis
Content analysis: This refers to the method of categorizing verbal or behavioral data
to arrange, summarize and identify the data.
Narrative analysis: This approach includes reformulating the stories presented by the
participants, taking into account the context of each case and the various perspectives
of each participant.
Range: The highest value in a set of values, and the lowest value.
(Bhatia and Bhatia, 2020)
1. Does the organization have a backup server? No, we don’t have a backup server. Vulnerability High
2. Does the antivirus software has been installed in data There is no antivirus software has been installed on data Vulnerability High
processing servers? processing server.
3. Does the stock handling processed on system every No, stock handling processes only done once a week. Vulnerability High
day?
4. Do you use fingerprint readers to Keep track of the No, the attendance is marked in a book. Vulnerability Medium
attendance and time of your employees?
5. Do you get notified when a new order has been placed Yes, the new order will be notified to my mail for every Not Low
on the system? order that made on system. Vulnerability
6. Does a customer get notified if products on the system Yes, customer will get an alert when the items are out of Not Low
are out of stock? stock. Vulnerability
7. Can the system show all the details of orders and the This system comes with full detailed report of the orders Not Low
payments of customers? and payment so yes I can check every details of it. Vulnerability
1 10 0 No Low
2 2 8 Yes High
3 0 10 Yes High
4 4 6 Yes Medium
5 5 5 Yes Medium
6 10 0 No Low
7 0 10 Yes High
According to question one this company don’t have a backup server and it’s a main
vulnerability risk considering all this company system relied on one server so in case
of server failures every process of this company will get shutdown until the server
respond back. This can lead to data losses and customers won’t be able to place any
orders so I highly recommend to set a backup server to resolve this vulnerability risk.
According to question two this company data processing server running without a
antivirus software is another main vulnerability risk considering if the server get
affected with virus its can lead to data lose, time lose and its can cost the company to
clear the virus from server so its highly recommended to install original antivirus guards
on the data processing server.
According to question there this company is not processing the stocks on system every
day. This is a vulnerability risk because considering there are more than fifteen new
orders per day if the stock is not handled every day it can lead to data storing error on
day end process and customers could order the products which are not in stock it can
lead to customer dissatisfaction on product delivery. Therefore I highly recommend to
process the stock handing every day to resolve this vulnerability risk.
According to question four not having a fingerprint reader to keep the track of
attendance will lead to vulnerability risk because the need to classify individuals is
especially important in the workplace, as it is often related to staff attendance, security,
and payroll in the workplace. So I highly recommend to have a fingerprint reader so
they can quickly identify employees and verify and keep the track of everything clearly.
According to question two there are eight staffs who are not taking backup on regular
schedule and it’s a vulnerability risk considering accidents like deleting important files,
Damages to a hard drive and Power failures often occur when you least expect them
and when one happens it can lead to data loss so it is best to be prepared by backing up
the computer according to the regular schedule it can prevent the data loss.
According to question three not having a disaster recovery plan is a huge vulnerability
risk because disaster can strike via many routes. One of the most common is IT security
breaches and hacking attempts: this can lead to anything from the disclosure of
personally identifiable data to the irreversible loss of customer data so I highly
recommend to implement a disaster recovery plan to the data processing facilities to
avoid these issue and it’s also help this company on the elimination of unnecessary
hardware and reduce the risk of human error.
According to question four there are six staff not using VPN when accessing the
companies system it’s a vulnerability risk because a VPN can allow staffs to share files
securely and keep the data secure and encrypted and away from the prying eyes of
hackers while working remotely. So I highly recommend that every staffs should use
VPN to access the company system.
According to question five there are five computers runs without an antivirus guard and
it’s a vulnerability risk because if the computer get affected with virus its can lead to
data lose so it’s highly recommended to install original antivirus guards on all the
computer on this company.
NVivo: This software used for both qualitative and mixed-methods analysis. Is
particularly used for analysis of free audio, text, image, and video data from focus
groups, interviews, social media, journal articles and polls.
Text Analysis: A method for the identification of themes in texts and was developed
for use in research on ethnography and discourse. The researcher can also analyze
coded content, extract it, and save it.
QDA Miner: This is a program for qualitative analysis that lets you handle documents
and carry out basic tasks for qualitative analysis.
(Qualitative Data Analysis tools, 2020)
Spss: A statistical general purpose package commonly used for editing, evaluating and
presenting numerical data in academic science.
R: Free statistical computing and graphics program environment. It compiles and runs
on a wide range of UNIX, Windows and MacOS platforms. R is extremely extensible
and offers a wide range of statistical and graphical techniques.
(Quantitative Data Analysis tools, 2020)
3.3.3 Conclusion.
According to the analysis tools and techniques that have been mentioned above I recommend
Microsoft Excel has an analysis solution because excel is real easy to use, the easiest to learn
and the interface also so simple to use. The summary metrics and customizable graphics and
figures are easy to produce on Microsoft Excel and many of the Microsoft Excel add-ons are
open source. It’s also very easy to create workbooks that hook up to Access and SQL databases
and refresh this data to create an up to date data analysis in Microsoft Excel. So the Microsoft
Excel can be a perfect solution to provide an accurate data analysis.
4.1.1 The value of undertaking the research to meet stated objectives and own learning
and performance in this research.
The Research objectives were, To Investigate possible vulnerabilities within the Order
management system of akshaya food city and to investigate the causes and impacts of
vulnerabilities and to recommend measures to overcome vulnerability issues in the system.
In reflecting on the research carried out, the project management plan provides the methods
and ways from starting to end process. It is a crucial method and requires the understanding or
knowledge to gain the experience in the specific field and with the help of qualitative and
quantitative research methods all the project objectives were fulfilled successfully and the
Gantt chart and WBS helped to monitor and manage the time duration within the project
timeframe until the aims and objectives being accomplished.
The observations of this research are very significant for akshaya food city as there have not
been any vulnerability assessment done in similar capacity. To identify the loop holes and
drawbacks of the existing system, this research contributed positively and this research helped
to identify vulnerabilities of this system and bad practices of staffs while using a company
system and Then, based on their vulnerabilities, the project manager was able to provide
solutions for the vulnerabilities that been found and reduce the risks that akshaya food city will
face in the future.
4.1.2 Critically evaluate and reflect on the project outcomes, the decision-making process
and changes or developments of the initial project management plan to support
justification of recommendations and learning during the project.
Project outcomes, the decision-making process and changes or developments of the initial
project management plan can lead to the creation of deep and appropriate recommendations,
as well as to learning during the project, in line with the project management process. One of
the important factors helped me to achieve the goals of this project is the planning factor. In
other words, in order to accomplish the goals and objectives, it allows me to make a clear route
to follow the results of the projects and comprehensive plan seems to assist me to explain what
needs to be done first to save time and effort to help accomplish the project.
The decision-making of the project management process tends to form the justification of the
project's recommendations and learning and it also helps to overcome project planning issues
because, at first, the project struggled to find the results of the questionnaire in the correct way
the decision-making process help to overcome this issue.
The changes or developments of the initial project management plan will allows the conductor
of this research to strengthen the weakness of the analysis to fulfill the project requirements
and aims to help achieve the high results or outcomes and efficiency of the project.
In addition, I found after the fulfillment of this project that because of good time management,
I am able to conduct and accomplish a consistent research project better and more efficiently.
In a certain period of time, it gave me the ability to outline a complete content for my project
and it empowers me to stop spending too much time on a chapter to concentrate on crucial
sections of the project.
Project planning: Without careful project planning, a project can quickly get off track
before it has even begun. Organizations so often overestimate how fast they can
produce deliverables, underestimate costs, or both which leads to failure of project so
project planning would help to overcome this issues.
Clear focus and objectives: To success a project there should be one or more clear
objectives otherwise an unclear focus can lead to slippage of scope, missed deadlines,
and over expense.
Strategic alignment: Aligning projects with business strategy is one of the most
critical factors for using project management process.
Managed process: Project management is a constructive process that aims to assist the
right people at the right time to perform the right tasks. it can help to break down a
project into more manageable pieces.
Outcomes, interventions, and feedback that are meaningful and useful to your research.
To provide detailed description of the methods and statistics used in the research.
Written report
The report is a standard way of presenting information and a particular purpose-related
recommendation or conclusion. As well-developed report writing skills are important in many
professional contexts, reports are also used as an evaluation task so by doing this project I have
improve my report written skill.
Cost Management
Cost management permit a business to anticipate coming expenses in order to decrease the
possibility of it going over the budget. By doing this project I have learn the mistake I made on
cost management plan and it help me to improve my skill on estimating the cost. In beginning
I estimated two thousand six hundred rupees has the budget for this project but in the end of
the project the actual cost was three thousand rupees I have spent four hundred more than the
estimated budget which implies that we estimate everything in the planning, but sometimes
some estimates might vary from the plan.
Content References.
Base, K. and research, A., 2020. Qualitative Research Methods & Examples. [online]
Scribbr. Available at: <https://www.scribbr.com/methodology/qualitative-research/>
[Accessed 15 December 2020].
Bashay, F., 2020. What Is The CIA. [online] Difenda.com. Available at:
<https://www.difenda.com/blog/what-is-the-cia-triangle-and-why-is-it-important-for-
cybersecurity-management> [Accessed 12 December 2020].
Bhatia, M. and Bhatia, M., 2020. Quantitative Data Analysis Methods. [online] Atlan |
Humans of Data. Available at: <https://humansofdata.atlan.com/2018/09/qualitative-
quantitative-data-analysis-methods/> [Accessed 21 December 2020].
PAT RESEARCH: B2B Reviews, Buying Guides & Best Practices. 2020. Qualitative
Data Analysis Tools. [online] Available at:
<https://www.predictiveanalyticstoday.com/top-qualitative-data-analysis-software/>
[Accessed 20 December 2020].
Ray, S. and Ray, S., 2020. The Risk Management. [online] ProjectManager.com.
Available at: <https://www.projectmanager.com/blog/risk-management-process-
steps> [Accessed 13 December 2020].
Figure References.
Invensislearning.com. 2020. Risk-Management-Process. [online] Available at:
<https://www.invensislearning.com/blog/wp-content/uploads/2020/07/5-steps-of-risk-
management-process.jpg> [Accessed 13 December 2020].