IT Online Training Requirements Specifications 2018R2 Page 1

IT Online Training (ITOT) Project Requirement Specification 2018R

Draft

Description

IT Online Training needs to develop an online service for IT training that includes scheduled courses, self-paced courses, and other training products like videos and books. The training service will be initially web-based, but the architecture must allow different front-ends such as applets, web services, or other designs to be used. The main function of the training site is to provide IT courses to its customers over the Internet. The application must cover various areas including customer management, course management, learning management system access, scheduling, purchasing through an online shopping cart, user account management, and payment management. Customers, instructors, course administrators, schedule administrators, and other administrators must have access to functions implemented in the system.

Sponsor Requirements

The sponsors of the project have identified some preliminary requirements of the system as documented below. The following are some initial requirements of the application.

Functional Requirements

1. Purchase ITOT Products

REQF1.1 Customers must be able to purchase ITOT Products via an online shopping cart.

REQF1.2 The Customer must be able to add and remove products from an online shopping cart.

REQF1.3 Customers must be able to cancel orders.

REQF1.4 Customers must be able to purchase by credit card.

REQF1.5 System must provide certificates of completion for customers.

2. Maintain Customer information

REQF2.1 Customers must be able to create and change a customer account, which holds information about the Customer including customer id, first and last name, address, and phone numbers for work and cell phone. The customer id is issued by the system and cannot be changed by the customer.

REQF2.2 The system must be able to store and maintain customer credit card information for each credit card including account number, account name, expiration date, and security code.

REQF2.3 The system must maintain a list of accounts in its central database.

REQF2.4 The system must be able to search and display customer information by instructors, course administrators, schedule administrators, and other administrators.

3. Maintain Products

REQF3.1 The system must be able to create, modify, and delete ITOT Products including scheduled courses, self-paced courses, videos, and books.

REQF3.2 The system must be able to maintain course information including course number, course title, course description, course type, course duration, course start date, course end date, course prerequisites, CEU credits, and course fee.

REQF3.3 The system must be able to maintain video information including video id, video name, and video fee.

REQF3.4 The system must be able to maintain book information including title, authors, date, edition, and ISBN.

REQF3.5 The system must maintain course history including offering dates (beginning and ending), number of students enrolled, and instructor.

REQF3.6 The system must provide search capability for courses based on title, category, popular course, recent releases, planned courses.

REQF3.7 The system must provide access to all course maintenance features to the Course Administrator.

4. Maintain Instructor Information

REQF4.1 The system must maintain Instructor information including instructor id, instructor first and last name, address, cell and home phone, areas of teaching expertise, bio, and stipend.

REQF4.2 The system must be able to provide reports of instructor schedules and courses taught.

5. Maintain Course Schedules

REQF5.1 The system must be able to create, modify, and delete course schedule information in its central database including course title, course number, course description, course prerequisites, course type, length of course, course outline, schedule dates, and instructor information.

REQF5.2 The system must be able to query course schedules and display results for all users based on keyword, title, and schedule.

REQF5.3 The system must provide all course schedule maintenance features to the Course Schedule Administrator.

6. Manage Shopping Cart

REQF6.1 The system must be able to provide a shopping cart feature for customers to select and pay for courses.

REQF6.2 The system must provide a Shopping Cart Item which lists each item in the Shopping Cart including quantity, item number, item name, cost, shipping, coupons, discount, and total.

REQF6.3 The system must be able to provide customers with the ability to update the shopping cart including increasing the number of items, removing items, calculating shipping costs, and applying coupons and discounts.

REQF6.3 The system must be able to provide payment options for the customer including credit cards.

7. Access Credit Card Service

REQF7.1 The system must be able to link to an external Credit Card Service.

8. Access the Accounting System

REQF8.1 The system must provide a link to the Accounting System for the transfer of customer payment information.

9. Provide User Management

REQF9.1 The system must provide management of Users with user name and password for all users of the system including customers and employees. Users can log in and log out of the system.

REQF9.2 The system must implement a password policy that requires strong passwords of 8-15 symbols, including letters (at least one upper case), digits, and special symbols like “!”.

REQF9.3 The system must maintain password history and not allow the reuse of the last three passwords.

REQF9.4 The system must encrypt passwords.
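One way REQF9.2 through REQF9.4 could be checked together, as an added example that is not part of the specification. It assumes that any non-alphanumeric character counts as a special symbol, that the current password counts as one of the "last three", and that REQF9.4 is met with a salted one-way scrypt digest; the function names are hypothetical.

```python
import hashlib
import hmac
import os
import re

HISTORY_DEPTH = 3  # REQF9.3; assumption: the current password is one of the three

# REQF9.2 character rules as (regex that must match, message when it does not).
RULES = [
    (r"[A-Z]", "needs an upper-case letter"),
    (r"[0-9]", "needs a digit"),
    (r"[^A-Za-z0-9]", "needs a special symbol"),
]

def policy_violations(password):
    """Return the REQF9.2 rules the candidate breaks (empty list = compliant)."""
    problems = [] if 8 <= len(password) <= 15 else ["length must be 8-15"]
    problems += [msg for pattern, msg in RULES if not re.search(pattern, password)]
    return problems

def _derive(password, salt):
    # Assumption: a salted, one-way scrypt digest is what gets stored, so the
    # stored value cannot be turned back into the password.
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 1024 * 1024, dklen=32)

def _matches(password, record):
    salt, digest = record
    return hmac.compare_digest(_derive(password, salt), digest)

def change_password(history, new_password):
    """history: list of (salt, digest) records, newest first. Returns the new list."""
    problems = policy_violations(new_password)
    if problems:
        raise ValueError("; ".join(problems))
    # Each old record has its own salt, so the candidate is re-derived per record.
    if any(_matches(new_password, rec) for rec in history[:HISTORY_DEPTH]):
        raise ValueError("reuses one of the last three passwords")
    salt = os.urandom(16)
    return ([(salt, _derive(new_password, salt))] + history)[:HISTORY_DEPTH]

def verify_login(history, password):
    """Check a login attempt against the current (newest) record only."""
    return bool(history) and _matches(password, history[0])
```

Only salts and digests are kept in the history, so the reuse check works without the system ever holding an old password in recoverable form.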

Non-Functional Requirements

1. Design a Scalable Architecture

REQNF1.1 The training application must be capable of maintaining customer accounts for up to 100,000 customer accounts during the first six months and 1,000,000 after six months.

REQNF1.2 The training application must be capable of servicing up to 1,000 simultaneous customers initially and up to 10,000 after six months.

REQNF1.3 The training application must be capable of handling 100 search requests per minute and up to 1,000 search requests after six months.

REQNF1.4 The training application must be capable of handling up to 100 purchases per hour and 1,000 after six months.

2. Implement Security

REQNF2.1 The system shall implement industry-standard security features, including PCI compliance, and use secure web pages for all sensitive transactions, including account, password, and payment management.

REQNF2.2 The system shall provide protection from the common web security threats including Injection; Weak Authentication and Session Management; Cross-Site Scripting (XSS); Insecure Direct Object References; Security Misconfiguration; Sensitive Data Exposure; Missing Function Level Access Control; Cross-Site Request Forgery; Using Components with Known Vulnerabilities; Unvalidated Redirects and Forwards; price manipulation through hidden fields or cookies; buffer overflow; and other security risks detailed in the OWASP Top Ten at https://www.owasp.org/index.php/Main_Page
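A sketch of the control behind the "price manipulation through hidden fields or cookies" item in REQNF2.2, applied to the Shopping Cart Item fields of REQF6.2. This is an added example, not part of the specification; the catalogue, coupon table, quantity ceiling and function name are constructed for illustration, and shipping is left out.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side catalogue and coupon table (item number -> fee, code -> rate).
CATALOG = {"C-101": Decimal("499.00"), "V-020": Decimal("29.99"), "B-007": Decimal("54.50")}
COUPONS = {"SPRING10": Decimal("0.10")}
MAX_QTY = 20  # assumed per-line quantity ceiling

def price_order(lines, coupon_code=None):
    """Recompute the order total from item number and quantity only.

    A 'cost' sent by the client is never used for the total; it is compared
    with the catalogue and a mismatch is returned as a flag for logging.
    """
    flags, subtotal = [], Decimal("0")
    for line in lines:
        item, qty = line.get("item_number"), line.get("quantity")
        if item not in CATALOG:
            raise ValueError(f"unknown item number: {item!r}")
        if type(qty) is not int or not 1 <= qty <= MAX_QTY:
            raise ValueError(f"bad quantity for {item}: {qty!r}")
        unit = CATALOG[item]
        claimed = line.get("cost")
        if claimed is not None:
            try:
                tampered = Decimal(str(claimed)) != unit
            except InvalidOperation:
                tampered = True  # not even a number
            if tampered:
                flags.append(f"{item}: client cost {claimed} != catalogue {unit}")
        subtotal += unit * qty
    rate = Decimal("0")
    if coupon_code is not None:
        if coupon_code in COUPONS:
            rate = COUPONS[coupon_code]
        else:
            flags.append(f"unknown coupon {coupon_code!r}")
    total = (subtotal * (1 - rate)).quantize(Decimal("0.01"))
    return total, flags
```

The amount passed on to the Credit Card Service is the returned total, and a non-empty flag list is worth logging against the session as a sign of a modified request.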

Note: The above requirements are not complete but represent an initial draft and are sufficient for our needs.
