SBRU is an online travel service that makes allows students to book vacations for college students; students have used the service for decades, however, changes in technology have necessitated changes to better meet student needs. Students can access the system and book rooms and SBRU has a list of resorts that need to know their bookings of a weekly basis. In line with recent technological developments, SBRU has opted to update its systems to include social media and this requires a new design with several use cases. To create a new system for SBRU, this paper creates class diagrams for booking reservations and adding a resort. The paper then creates interaction diagrams for the same and then outlines how security for the new system will be achieved. A database schema is then developed for the ER diagrams developed and a suitable strategy for deployment proposed. The paper then concludes with a description of how the project management will be undertaken, with a particular focus on risk management and how the risks will be mitigated
Security is a major concern, especially in the system where clients will be able to conduct transactions and post personal information when using the SBRU system. The students and possibly employees will be updating their social media status; given its rise as a means for interaction and communication, especially when people are on vacation (Luo et al., 2009). Social media has become the preferred communication channel for many people, and so students on the SBRU system as well as employees and partners are going to use it frequently. The social networking subsystem has inherent security risks including phishing and an effective platform for malware attacks as well as identity theft attacks (Rathore et al., 2017), (Rosenblum, 2007). The first step in ensuring the security of the system is to implement governance structures with regard to social media use, both for students at the resort and employees as well as partners (the resorts). Business data must be classified so that employees understand what sensitive information is and what can be posted online; this is because internal weaknesses are likely to exacerbate social networking risks (Fang and LeFevre, 2010). Further, the people that can access the classified and sensitive information must be defined with access rights controlled through two step authentication. Further, the policy must extend to the students on vacation that will be the biggest users of the social media subsystem. Clear guidelines must be set on how they can create secure passwords (Hajli and Lin, 2014). SBRU should undertake effective monitoring and engage directly whenever there are brand mentions on the social networking subsystem. The firm should keep track of all active social media accounts and ensure they meet the set policies, including on passwords. When users log in, it is likely they will leave the site open; the social networking accounts should be designed in such a way that users are automatically logged out after a period of inactivity, especially when the accounts are accessed from devices such as laptops, desktops, or public access points (Turban et al., 2017). A robust policy for social media use will help avoid cases of human error and accidental posting of sensitive information. Employees must be trained on what kind of information can be posted on the social networking site for everyone else to see because one of the biggest challenges with social media is that everyone connected can see a post or information. When students check in, their mobile devices must be registered in the master list and the URL as well as identifying features stored; this will ensure that malicious users are detected on time (Liang et al., 2014). The students also need to have a security policy and be told what they can and can not post for their own security. For instance, a student seeking some customer service through the social networking subsystem can post their personal details such as names, or even credit card information; they should be advised strongly against this. The subsystem should also be designed to reject such information being visible to the rest of the users (Gupta, Agrawal and Yamaguchi, 2016). Further, when the students are using the social networking subsystem, it is important that the back end is designed to monitor the geographic location of the user; all log ins, especially from non-traditional devices or locations must be flagged and confirmation made if the said account holder accessed the account; otherwise it should be immediately suspended to avoid further damage. SBRU can achieve this by creating a master list of all URLs, account holder details, and passwords for administrators (Mohamed and Ahmad, 2012). Scams involving phishing attacks on social media is a very big and real threat for the social media sub system and this is another priority area for ensuring security. SBRU should invest in a secure technology, and security should be incorporated right from the design phase. Because the social networking subsystem will be hosted on its servers, the design should incorporate a cloud backup in case of problems with the physical hosting servers. Further, the hosting locations must have high level security implemented, including encryption of information in the social networking site when in transport and even at rest (Huang and Benyoucef, 2013). SBRU should implement basic security measures, including a firewall (physical and software) for the social networking site host servers and install network monitoring tools and software to monitor use and help identify malicious users pretending to be ‘friendly’ users (phishing attacks). The social networking subsystem should have security and use policies set such that it cannot be accessed outside of a given parameter by implementing strict Geo fencing measures; this will ensure malicious users posing as legitimate users are unable t access and exploit the system from a remote location (Henne, Szongott and Smith, 2013).
The schema is developed for the users booking a room based on the ER diagrams developed priorly as shown below;
The development and implementation of the system must follow a systematic approach; the development and testing will be done using the Agile SCRUM framework, in which the systems will be designed, developed, and tested at the end of every sprint backlog and any issues identified and rectified. The framework that best suits such a project requires incremental and continuous improvement, especially with regard to functionality, performance, and security. An incremental approach based on Agile SCRUM will ensure the final system and subsystems have as few faults and problem as possible (Ambler, 2013). The best method to implement the system is using the phased in conversion approach; implementation is a process in which the information system is implemented in a way that makes it highly operational as desired. Implementation entails construction a new system from scratch and adding it to an existing one, or at least having some existing features retained. An effective implementation will enable the users to take over the system operation and evaluates it. The development will follow an agile approach that will ensure frequent testing and evaluation with the intended users. This will ensure new user requirements are identified and any problems or challenges with its use also identified and resolved up front. Implementing a new system such as proposed for SBRU is a form of change within an organization; change implementation always faces resistance and so at the beginning during the planning phase, change management strategies that are effective for the particular case should be used. This requires getting views from staff on the proposed changes and having them involved, through effective leadership so they take ownership of the system from start. This will ensure other interventions, such as implementing security policies are well received and internalized. End user training will be incorporated into the implementation of the system; users will be trained on the new system for booking and how resorts can post and update information (Leffingwell and Reinertsen, 2012). The training will also cover how to work with the new processes, maintain security, and troubleshoot and solve basic problems. Implementation requires conversion as well; conversion refers to the process of migrating to the new system from the old system. Conversion offers a system that is understandable and structured to ensure communication between stakeholders is improved and that the new system implementation is a success. A successful conversion will require a suitable conversion plan that details all activities that must be undertaken during implementation of the new system (Ford et al., 2010). The conversion plan anticipates any challenges or problems and mitigates these upfront; it will form part of the overall risk management strategy. The conversion plan will name all files to be converted, identify data requirements for developing new files during conversion, and list all new procedures and documents required for successful implementation. The plans also detail the controls for every activity and give responsibilities to a person for every activity as well as verify the schedules for conversion. The most suitable conversion method for implementing the new system is the phased in conversion approach in which working versions of the new system are implemented in a specific part of the organization as per feedback and then installed throughout, stage by stage. The new system is then gradually installed across all the users: this method is suitable because it enables training to be incorporated without wasting limited resources (Ford et al., 2010)
The project will be implemented through the Agile SCRUM framework; however, there are still risks inherent to the project that must be mitigated. The table below outlines the risk management strategy for the project
|
Risk |
Effect |
Mitigation |
Contingency |
Responsibility |
|
Poor system design and solution |
The designed system fails to solve the business needs and requirements; objectives are not met |
Detailed user requirement analysis and using SCRUM agile to identify any user requirements not captured as the system is tested Have a detailed scope management and quality management plans to ensure the objectives are met Strategic hiring of human resources (skilled workers) |
Identifying any new user requirements as the system is tested at each sprint backlog Effective Scope change management |
Project manager, Risk management team |
|
Project budget inadequate; wastage |
The project is not completed as required and ends up requiring more finances to complete |
Accurate and effective estimation and budgeting methods; strict cost control |
Innovation to offset problems, cost control and reviews |
Project manager |
|
Project completed late (late delivery) |
Delivery deadline exceeded, resulting in increased costs |
Have an effective project management plan project schedule control and monitoring against the schedule baseline |
Compression by adding more resources if project is falling behind the schedule |
Project manager |
|
Loss of sponsor support |
The executive sponsors fails to gives further support to the project leading to abandonment midway |
The project manager and team should identify all important stakeholders and determine their impact and effect on the project. Have an elaborate and effective communications plan to manage stakeholders, especially the executive sponsor |
Regular communications, reporting and updates to executive sponsors on project progress Ensure they are involved in key decisions, including scope changes and seek their approval |
Project manager |
|
Implementation problems |
System not implemented successfully die to staff resistance and poor planning |
Effective planning of implementation strategies Effective change management strategies developed before commencement Use suitable implementation plan |
Change management strategy Effective leadership and user training |
Project manager |
References
Ambler, S. (2013). Agile database techniques. Hoboken, N.J.: Wiley.
Fang, L. and LeFevre, K. (2010). Privacy wizards for social networking sites. Proceedings of the 19th international conference on World wide web – WWW ’10.
Ford, E., Menachemi, N., Huerta, T. and Yu, F. (2010). Hospital IT Adoption Strategies Associated with Implementation Success: Implications for Achieving Meaningful Use. Journal of Healthcare Management, 55(3), pp.175-189.
Gupta, B., Agrawal, D. and Yamaguchi, S. (2016). Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. 1st ed. Hoboken, NJ: Wiley.
Hajli, N. and Lin, X. (2014). Exploring the Security of Information Sharing on Social Networking Sites: The Role of Perceived Control of Information. Journal of Business Ethics, 133(1), pp.111-123.
Henne, B., Szongott, C. and Smith, M. (2013). SnapMe if you can. Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks – WiSec ’13.
Huang, Z. and Benyoucef, M. (2013). From e-commerce to social commerce: A close look at design features. Electronic Commerce Research and Applications, 12(4), pp.246-259.
Leffingwell, D. and Reinertsen, D. (2012). Agile software requirements. Upper Saddle River (NJ): Addison-Wesley.
Liang, X., Zhang, K., Shen, X. and Lin, X. (2014). Security and privacy in mobile social networks: challenges and solutions. IEEE Wireless Communications, 21(1), pp.33-41.
Luo, W., Liu, J., Liu, J. and Fan, C. (2009). An Analysis of Security in Social Networks. 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing, 1.
Mohamed, N. and Ahmad, I. (2012). Information privacy concerns, antecedents and privacy measure use in social networking sites: Evidence from Malaysia. Computers in Human Behavior, 28(6), pp.2366-2375.
Rathore, S., Sharma, P., Loia, V., Jeong, Y. and Park, J. (2017). Social network security: Issues, challenges, threats, and solutions. Information Sciences, 421, pp.43-69.
Rosenblum, D. (2007). What Anyone Can Know: The Privacy Risks of Social Networking Sites. IEEE Security & Privacy Magazine, 5(3), pp.40-49.
Turban, E., Outland, J., King, D., Lee, J., Liang, T. and Turban, D. (2017). Electronic Commerce 2018: A Managerial and Social Networks Perspective. 9th ed. Cham: Springer International Publishing AG.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download