Help - Development Tools

ianmac42

New Member
Hi,

I have a startup business focused upon Information Security looking to develop commercial software (without any real budget). I am trying to specify a product architecture but I am having real problems with one specific area and I am hoping that someone can point me in the right direction.

The Requirement:
The application needs to produce a hierarchical structure which represents an organizational structure and all also represents systems and other assets.

For each item within this structure, we will need to capture and record characteristics of the item and we will need to link a relationship between the items and also between activities or events (i.e. risk assessment or auditing activities) where the objects can be used to represent the scope of the activity (i.e. which part of the organization, which systems etc).

Rather than creating this functionality as part of our application we are looking for some form of framework or tool-kit that can become part of our Integrated Development Environment to fulfill this purpose.

The usage:
A user would define the structure as part of initial setup. The user would then perform scheduled activities (Assessments / Audits) which would require the user to input responses to specific questions (regarding the status of security), but then to map where and how the responses relates to the organization structure and to the systems and assets.

Abstract approach:
Potentially the structure and assets would be created utilising some form of object, chosen from an object repository, examples are provided below ;
• Objects given geographical context (region, country, city, town, building etc.)
• Objects given business unit context (department, functions, users etc.)
• Objects given networking context (switch, router, SAN, gateway, firewall etc.)
• Objects with System context (web server, database server, file server, application server, ftp server, messaging server etc.)
And so on..

Ideally the attributes for an object could be specified by completing a form or by selecting objects which represent the same information.
e.g. for field location – type ‘DataCentre A’ or select object DataCentre A

Similarly the scope of activities (Risk Assessment or Audit), can be defined by manually specifying details or by selecting the objects such as geography (which locations to include), departments (to be included), systems (to be included) etc.

We had assumed that the relationship requirements could be addressed through the use of groups and group memberships or by applying rules.
i.e. Create a group to represent scope, group contains object specifying locations, departments and systems etc., however, because each object is also a member of other groups, this automatically specifies further information (such as network infrastructure and applications) which are relevant to that scope.
Or
Rule that is a filter, selecting objects that match a specified criteria to form a group or view

Ideally the structure would be fully editable by the user, allowing functions such as add, delete, drag and drop, link etc. allowing flexibility in changing the structure if and when required. We would also anticipate that when any modification occurs (i.e. change a link from one object to another), all references would automatically update.

Views and Presentation:
Ideally the solution would also provide flexibility in the presentation of the objects or the object information, able to display different views based upon objects, object information or relationship information and also providing different styles of layout to display the information.

Integration:
Ideally the solution would operate and integrate within a web environment for both development and operation based around PHP and Java. Alternatively the solution would operate and integrate with a client / server environment based around .Net, C++ and C#.

Ideally the solution would be able to utilise common database environments (MySQL) in order to store all information on the objects, object attributes and object relationships, alternatively, any embedded database would be accessible by the application utilizing it and the database schema, table structures and keys would be available to aid the integration.

Ideally the solution would provide the necessary libraries and run-time elements for compilation and installer, such that the application is self-contained and is not dependent upon any external component or third party component which is external to the system on which it is installed.

Commercial:
The commercial usage of such a solution would need to allow licensed integration into our product and must assigns unlimited rights of usage for the lifetime of our product and future releases. The license terms and license costs must be sufficiently unrestricted to allow commercial viability of our product.

Any suggestions on what could be used or how this might be achieved, sincerely appreciated.
 

chrishirst

Well-Known Member
Staff member
Ok? Lets see I have this right.


......




You have a start-up business that is something to do with "Information Security" but you have no idea of how to get started, and no budget to pay for anyone who does.


Does that sound about right?
 

chrishirst

Well-Known Member
Staff member
If so. .....






You don't have a "business", you have an idea, and without finance to pay for development or the knowledge and skills to do it for your self that is all it is likely to be.

Do you have any kind of business plan that might attract investment or allow you to get a bank to give you a loan?
 

ianmac42

New Member
Chrishirst, my appologies if my post appears to have offended you in some way.

Your assumptions are incorrect. We have a fully defined requirements specification, we have built a number of models in excel to test the process and logic. We have a team of nine people representing a range of skills (involved part time) and we are in the process of producing the data design which will lead to the development specification.

We do not have developers on-board yet and I am personally funding the business and product development.

We know how we want this to work, but was looking for some pointers on what we might use and that forums such as this may be a good place to ask the question.

I do have fully developed financial plans and business plans, and we will be seeking funding, however, getting funding requires that you have something tangible and demonstrable and this requires that we have identified the product architecture.

So if you are able to provide a constructive response to the enquiry, this would be much appreciated.
 

chrishirst

Well-Known Member
Staff member
Why should a forum post offend me???

Reading your post it just seemed like so many I have read from people who have what they think is a "ground breaking idea" but they have absolutely no idea of how to go beyond that.

Basically you should be taking advice from a real business consultant or advisor with qualified knowledge on the subject and your locality. NOT on a public forum where any chancer or clueless half-wit can offer "valuable advice" (possibly for a fee) without even knowing what continent you live in.

Reading your brief, it broadly sounds like you are trying to create what SAP and Excel (the company, not the spreadsheet application) have been doing for many years, which is called Enterprise Resource Planning (ERP) and if you are; you might be a bit late to the game to make any real headway.


That is UNLESS you have a bloody good USP.
 
Top