
Accessing a web based business system through a smartphone, a risk analysis

by Anton Nilsson




Institution: Linköping University
Department:
Year: 2015
Keywords: Risk Analysis; Smartphone; Web based business system; Engineering and Technology; Electrical Engineering, Electronic Engineering, Information Engineering; Computer Systems; Teknik och teknologier; Elektroteknik och elektronik; Datorsystem; Examensarbete i Datorteknik; Computer Engineering
Record ID: 1330981
Full text PDF: http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-117143


Abstract

This thesis project has been performed at (and for) a company named Strödata. The purpose of the project has been to perform a risk analysis on Strödata’s web based business system, and specifically analyze how access to the business system through smartphones would affect the risks posed to the system. This has been done to help decide if smartphone access should be enabled. An implementation of a web application which is suited for use on a smartphone has also been developed, as a proof-of-concept, to grant access to a limited part of the business system.

The method used to perform the risk analysis has been CORAS, as presented by Braber et al. in [1]. CORAS is a risk analysis method designed with IT-systems specifically in mind. The method is divided into seven steps. The new web application is an ASP.NET MVC3 site that uses JavaScript, jQuery and Ajax-JSON.

The risk analysis showed, among other things, that the benefits of enabling smartphone access to the business system are larger than the risks it introduces. Smartphone access also opens up many new possibilities to implement interesting new features or improve old ones. The risk analysis also showed that there are risks to the system that need to be dealt with. For these, risk treatments were identified to lessen their probabilities and/or their consequences should they occur. Some treatments were completely successful in eliminating the risks they treat, others were not. However, the treatments that were not completely successful did reduce the risks far enough that perhaps they should be re-evaluated as un-/acceptable.

The conclusions that can be drawn from this thesis project are that although enabling smartphone access to the business system introduces new risks to the system, the access also reduces certain risks. How costly the new risks are and how much the access reduces risks varies from company to company and from system to system. For Strödata, the reduction to certain risks was large enough to outweigh the new risks that would be introduced. Regarding the possibility to implement smartphone access to the business system, it is possible using more modern technologies, methods and frameworks, such as those mentioned above.