Riipen Level Up
ICT Ignite
ABC Academy of Music
Project Scope:
ABC Academy of Music has been providing Music Classes and Lessons to students of all ages since 2003. In addition to operating in the B2C space for families and individual students, ABC operates B2B services for schools and daycares.
The main goal of this project is to plan and implement foundational and scalable best-practice security measures for the protection of ABC Academy's Hinna software design project data, systems and networks.
We are building small-business management software that will deal with scheduling, billing, and client data, which requires the strongest possible foundation for data security and protection against bad-actor threats.
Deliverables
This will involve several different steps for the learners, including:
Analysing the existing security measures of Hinna and making a recommendation, followed by implementation, for our security
Analyzing networks and systems and assessing areas for improvement
Researching security measures that can be implemented
Reviewing the process for vulnerability testing and helping develop any best proactive policies to keep up with the current cybersecurity landscape (future-proofing)
Detecting and analysing any incidents, reviewing incident reporting, and creating an incident response plan
Creating full developer knowledge base documentation for back- and front-end developers so they understand how to develop their part of Hinna with full functionality while preserving security and speed.
The project involves the following technologies, which should be uninterrupted by the security implementation:
AWS Hosting (incl. Cloud9 IDE, if needed)
Java Backend
SpringBoot Framework
-Rabbit MQ Library
Thymeleaf Templating Engine
htmx Frontend
What we make is intended to be Simple, Speedy, and Secure. The security effort should contribute to these standards, and not detract from them. Novel solutions for preserving speed while delivering high security will be happily reviewed.
HINNA Platform Deliverables:
Below are the 10 final documents that have been delivered to the ABC Academy of Music.
ABC Academy comprehensive Vulnerability Testing and Proactive Policy: This document outlines a comprehensive security strategy for the HINNA platform, focusing on vulnerability testing and the establishment of proactive security policies. It details the methodologies for identifying and evaluating weaknesses in the system's security posture and emphasizes the importance of creating a security-conscious culture within ABC Academy. This document directly aligns with the project's goal to plan and implement foundational and scalable best-practice security measures.
Onboarding Outline for Development and Beyond: This document provides onboarding recommendations for the HINNA platform, focusing on security considerations throughout the Software Development Life Cycle (SDLC). It outlines key security practices and considerations to be integrated into the development process, ensuring that security is a priority from the outset. This aligns with the project's objective to embed security measures into the software development life cycle.
ABC Academy comprehensive Incident Reporting and Analysis: This document details the policy and procedures for incident analysis and reporting for the HINNA platform. It provides a structured approach to investigating and documenting security incidents, ensuring thorough analysis, identification of root causes, and steps taken to mitigate the impact. This document is crucial for the project's aim to create an incident response plan.
HINNA Document Tracker: This document serves as a security recommendation tracker for the HINNA project. It lists the documents, their completion status, and the individuals assigned to them. This document is essential for project management and ensuring that all necessary security-related documentation is completed.
ABC Academy comprehensive security assessment: This document provides a comprehensive security assessment for the HINNA platform. It assesses the current security posture of the HINNA platform, highlighting weaknesses and recommending immediate actions and long-term strategies for a secure and resilient system. This aligns with the project's goal to analyze existing security measures and make recommendations for improvement.
ABC Academy comprehensive Disaster Recovery Plan: This document outlines a comprehensive disaster recovery plan for the HINNA platform. It details procedures for recovering from various disaster scenarios, ensuring minimal downtime, data loss, and operational disruption. This directly supports the project's deliverable to create a disaster recovery plan.
ABC Academy comprehensive OWASP Policy: This document focuses on integrating Open Web Application Security Project (OWASP) guidelines and recommendations into the HINNA platform. It provides an overview of the OWASP Top 10 vulnerabilities, their potential impact, and recommendations for mitigation. This aligns with the project's requirement to review the process for vulnerability testing and develop proactive policies.
ABC Academy comprehensive Recommendation and implementation plan: This document outlines a recommendation and implementation plan for enhancing the security of ABC Academy's HINNA platform. It details key security practices and AWS services that can be implemented to address security gaps and enhance the platform's security posture. This document aligns with the project's objective to analyze existing security measures and make recommendations for implementation.
ABC Academy comprehensive Business Continuity Plan: This document presents a comprehensive business continuity plan for the HINNA platform. It outlines strategies and procedures to maintain critical business functions during and after disruptive events, ensuring operational resilience. This document is essential for the project's requirement to create a business continuity plan.
ABC Academy comprehensive Developer Knowledge Base: This document serves as a developer knowledge base for the HINNA platform. It provides security recommendations and best practices for developers to ensure the security of the HINNA platform throughout the software development lifecycle. This aligns with the project's deliverable to create full developer knowledge base documentation.