5990考点复习

[lukaliou123]

1.AUDIT（审计） & QA

1.1.What is auditing? Information Systems are integral to organisations. Key business processes are enabled using information systems The purpose of IS audit is to review and provide feedback, assurances and suggestions.

“The process of collecting and evaluating evidence to determine whether a computer system (information system) safeguard assets, maintains data integrity, achieves organisational goals and effectively and consumes resources efficiently 收集和评估证据以确定计算机系统（信息系 统）是否保护资产、维护数据完整性、有效实现组织目标和有效消耗资源的过程

1.2.Why Audit – 3 areas 1.Availability 系统是否会在需要时随时可供企业使用？系统是否得到很好的保护以免受所有类型的损失和灾难？ whether the system will be available at all times when required and whether the system is well prepared for failures 2.Confidentiality（保密） 系统中的信息会只向需要的人(客户）披露吗 whether the information in the system will be disclosed only to the company and its customers 3.Integrity 系统中提供的信息是否始终准确、可靠和及时？什么确保没有未经授权的修改？ whether the information in the system is always accurate, reliable and timely; whether any unauthorized modifications will be allowed

1.3.Scope of an audit（审计的范围）

物理和环境（真实环境）审查 系统管理审查 应用软件审查 网络安全审查 商业连续性审查 数据完整性审查

• Physical and environmental review • System Administration review • Application software review • Network Security review • Business continuity review • Data Integrity review

1.4.The audit process（审计的过程） 准备 正式开始 审核进行中 正式调查结果介绍（报告） 跟进纠正措施 还有什么？某些情况下的认证

Preparation Formal Kick off Audit in progress Formal Findings Presentation (Report) Follow Up on Corrective Actions What else ? Certification in some cases

1.5.Quality Glossary Definition: ISO 9001. （ISO 9001定义） ISO 9001 被定义为规定质量管理体系 (QMS) 要求的国际标准。 组织使用该标准来证明能够始终如一地提供满足客户和法规要求的产品和服务。 ISO 9001 is defined as the international standard that specifies requirements for a quality management system (QMS). Organizations use the standard to demonstrate the ability to consistently provide products and services that meet customer and regulatory requirements.

1.6.What topics does ISO 9001:2015 cover?（ISO 9001管什么？） 质量管理系统的要求，包括文件化信息、计划和确定过程交互 管理层职责 资源管理，包括人力资源和组织的工作环境 产品实现，包括从设计到交付的步骤 通过内部审核以及纠正和预防措施等活动对质量管理系统进行测量、分析 和改进

Specific sections of the standard contain information on many topics, such as: •Requirements for a quality management system, including documented information, planning and determining process interactions •Responsibilities of management •Management of resources, including human resources and an organization’s work environment •Product realisation, including the steps from design to delivery •Measurement, analysis, and improvement of the QMS through activities like internal audits and corrective and preventive action

1.7.ISO9001 七个质量管理原则 QMP 1 – 以客户为中心 QMP 2 – 领导力 QMP 3 – 人员参与 QMP 4 – 过程方法 QMP 5 – 改进 QMP 6 – 循证决策 QMP 7 – 关系管理

ISO9001： Based on seven quality management principles (QMP) QMP 1 – Customer focus QMP 2 – Leadership QMP 3 – Engagement of people QMP 4 – Process approach QMP 5 – Improvement QMP 6 – Evidence-based decision making QMP 7 – Relationship management

1.8.ISO的好处 •组织质量管理体系 •创造满意的客户、管理层和员工 •不断改进他们的流程 •节省成本

•Organize a QMS •Create satisfied customers, management, and employees •Continually improve their processes •Save costs

1.9.Definition of QA（质量保证的定义） 质量保证 (QA) 是一种以过程为中心的方法，用于确保公司或组织提供最好的产品或服务。它与质量控制有关，质量控制侧重于最终结果，例如测试来自 批量生产后。 尽管这些术语有时可以互换使用。

质量保证侧重于增强和改进用于创建最终结果的过程，而不是关注结果本身。 质量保证中考虑的过程部分包括计划、设计、开发、生产和服务。

Quality assurance (QA) is a process-centered approach to ensuring that a company or organization is providing the best possible products or services.It is related to quality control, which focuses on the end result, such as testing a sample of items from a batch after production. Although these terms are sometimes used interchangeably. Quality assurance focuses on enhancing and improving the process that is used to create the end result, rather than focusing on the result itself. Among the parts of the process that are considered in QA are planning, design, development, production and service.

[lukaliou123]

2.Understand of IT technology

技术： 计算机视觉与图像处理、规划与预测、决策制定、NLP、机器人、…… •图像分类：通过手机应用程序拍摄的皮肤照片可以评估痣是否癌变 • 图像处理：越来越多地应用于放射组学，或检测超出人眼可感知的成像数据中的临床相关特征。 • 计划和预测：根据不同的患者属性和治疗环境，预测哪些治疗方案可能对患者成功。 • 决策：已用于分类应用，例如确定患者是否会患上特定疾病。 •NLP：可以分析关于患者的非结构化临床记录、准备报告（例如，放射学检查）、转录患者互动和进行对话式人工智能。 •机器人：为外科医生提供“超能力”，提高他们的观察能力，创建精确和微创的切口、缝合伤口等。

Technologies: Computer vision & Image processing, Planning and prediction, Decision-making, NLP, Robotic,…… •Image classification ：performed on photos of skin taken via a mobile phone app could evaluate whether moles are cancerous •Image processing: is increasingly being applied to radiomics, or the detection of clinically relevant features in imaging data beyond what can be perceived by the human eye. •Planning and prediction: Predicting what treatment protocols are likely to succeed on a patient based on various patient attributes and the treatment context. •Decision-making: has been used for categorisation applications like determining whether a patient will acquire a particular disease. •NLP: can analyse unstructured clinical notes on patients, prepare reports (e.g., on radiology examinations), transcribe patient interactions and conduct conversational AI. •Robotic: provide ‘superpowers’ to surgeons, improving their ability to see, create precise and minimally invasive incisions, stitch wounds and so forth.

[lukaliou123]

3.Change management VS Project management

1.1.Definitions 变更管理——应用结构化流程和工具，引导人员进行变更，以实现项目的预期结果（如投资回报率）。 项目管理——使用特定的知识、技能、工具和技术为人们提供有价值的东西

Change Management – the application of a structured process and tools for leading the people side of change to achieve a desired outcome (such as ROI) on a project. Project Management – the use of specific knowledge, skills, tools and techniques to deliver something of value to people

1.2.Why change management？

1. 公司经营成果

2. 减轻负面后果

3. 将变革管理转化为财务绩效

4. Company business result

5. Mitigating negative consequences

6. Translating change management to financial performance

1.2.1.Obstacle 人们不愿意改变，为什么？ • 战略和目标 • 知识 • 技术工具 • 领导力 • 目标 • 风险 • 个人原因

People do not willing to change, why? • Strategy and goals • knowledge • Technical Tools • Leadership • Goals • Risk • Personal reason

1.2.2.Mitigating negative consequences(减轻负面结果）

1. 生产力损失

2. 员工不满 3.主动/被动抵抗

3. 有价值员工的流失

4. 切实的客户影响

5. Productivity loss

6. Employee dissatisfaction

7. Active/passive resistance

8. Turnover of valued employees

9. Tangible customer impact

1.3.Intent（意图） 变更管理——确保受影响的员工接受、采用和使用与变更相关的解决方案 项目管理——确保有效地设计、开发和交付解决方案

Change Management – to ensure that impacted employees embrace, adopt and use the solution associated with the change

Project Management – to ensure that the solution is designed, developed and delivered effectively

1.4.Focus（重点）

变更管理——受项目解决方案或倡议影响的员工和利益相关者（必须采用和使用变更的人）

项目管理——与变更相关的技术解决方案的任务和活动

Change Management – employees and stakeholders impacted by a project solution or initiative (those who must adopt and use the change)

Project Management –tasks and activities the technical solution associated with a change

1.5.Process(过程） 变更管理： 准备方法 管理变更 维持成果

项目管理： • 利益相关者绩效 • 团队绩效 • 开发方法和生命周期绩效 • 规划绩效 • 项目工作绩效 • 交付绩效 • 测量性能 • 不确定性表现

Change Management： Phase 1 – Prepare Approach Phase 2 – Manage Change Phase 3 – Sustain Outcomes

Project Management: • Stakeholder Performance • Team Performance • Development Approach and Life Cycle Performance • Planning Performance • Project Work Performance • Delivery Performance • Measurement Performance • Uncertainty Performance

1.5.1.详细过程

1.6.Success Measurement(衡量是否成功）

变革管理——衡量关注变革的人员方面的要素，包括： •受影响员工的采用速度 • 受影响员工的最终利用率 •受影响员工的熟练程度 •取得成果和成果*

项目管理——测量侧重于变更元素的技术方面，主要是： •准时 •按预算 •符合技术要求 •取得成果和成果*

Change Management – measurement focuses on the elements of the people side of change, including: •Speed of adoption by impacted employees •Ultimate utilization by impacted employees •Proficiency of impacted employees •Achievement of results and outcomes*

Project Management – measurement focuses on the technical side of change elements, primarily: •On time •On budget •Meets technical requirements •Achievement of results and outcomes*

1.7.Summary

更换管理层： •没有标准指南 •包括不太正式的流程 •没有具体的时间表 • 以人为本 •管理因组织或项目发展而产生的变化的影响

项目管理： • 有完善的指南和标准 •遵循特定的时间线 • 专注于技术流程和系统 •管理项目的活动以满足特定的目标和要求

Change management: •Has no standard guidelines •Includes less formal processes •Has no concrete timeline •Puts focus on people •Manages the impact of change resulting from organizational or project developments

Project management: •Has well-documented guidelines and standards •Follows a specific timeline •Puts focus on technical processes and systems •Manages the activities of a project to meet specific goals and requirements

项目管理 Ø 解决问题：技术 Ø 有效地设计、开发和交付解决方案

更换管理层： Ø 解决问题：人 Ø 有效地接受、采用和利用解决方案 Project management: Ø Problem-solving: technology Ø Solution is designed, developed and delivered effectively

Change management: Ø Problem-solving: people Ø Solution is embraced, adopted and utilised effectively

[lukaliou123]

4.IT lifecycle stages

在 IT 项目的整个生命周期中，您最有可能评估项目是否成功。 解释原因并用适当的例子说明你的答案。 At what point in the full lifecycle of an IT project are you most likely to be able to assess whether the project has been a success. Explain why and illustrate your answer with an appropriate example

1.流程

战略 关于 e.g.org 的规划问题。 目标、商业价值、风险、容量、客户需求、效率、有效性、财务、组织变革、技术

设计/建造 功能需求——应用程序将做什么 非功能性需求——容量、可用性、连续性安全

过渡 发布到实时环境中——变更管理、资产和配置管理、知识管理测试和验证、发布和部署

正在进行的操作 事件管理、事件管理、问题管理、监控、服务台

连续的提高

主要领域 流程的整体健康状况 结果与业务需求持续保持一致

指导原则 你无法管理你无法控制的事情 你无法控制你无法衡量的东西 你无法衡量你无法定义的东西

Strategy Planning questions about e.g.org. goals, business value, risk, capacity, customer needs, efficiency, effectiveness, finance, org change, technology

Design/build Functional requirements – what will the application do Non-functional requirements - capacity, availability, continuity security

Transition Release into the live environment – change management , asset and configuration management, knowledge management testing and validation, release and deploy

Ongoing Operation Event management, incident management, problem management, monitor and control, service desk

Continuous Improvement Main Areas Overall Health of processes Continual alignment of outcomes with Business Needs Guiding principles You cannot manage what you cannot control You cannot control what you cannot measure You cannot measure what you cannot define

[lukaliou123]

5.Data validity and data reliability（数据有效性和数据可靠性）

1.顺序 研究目的 研究方法 研究策略 数据采集 样品选择 数据分析

2.定义 信度和效度是用来评估研究质量的概念。 它们表明方法、技术或测试测量某事的程度。 信度关乎测量的一致性，效度关乎测量的准确性。

Reliability and validity are concepts used to evaluate the quality of research. They indicate how well a method, technique or test measures something. Reliability is about the consistency of a measure, and validity is about the of a measure.

2.1.Reliability信度

信度是指一种方法测量某事物的一致性。如果在相同的情况下使用相同的方法能够始终如一地获得相同的 。结果，则该测量被认为是可靠的。

Reliability refers to how consistently a method measures something. If the same result can be consistently achieved by using the same methods under the same circumstances, the measurement is considered reliable.

2.2.Validity有效性 Validity refers to how accurately a method measures what it is intended to measure. If research has high validity, that means it produces results that correspond to real properties, characteristics, and variations in the physical or social world.

有效性是指一种方法测量其要测量的内容的准确程度。如果研究具有高有效性，这意味着它产生的结果与物理或 社会世界中的真实属性、特征和变化相对应。当我们在为研究主题设计问卷时，都会希望问题实际测量到的是我 们希望测量的，这样研究的数据才能准确的说明问题

效度高，信度一定高；信度高，效度不一定高。反之，信度低，效度也低。效度低，信度不一定低

sample题目 您在一家在线商店工作，您的老板要求您研究她正在考虑使用的特定新库存管理系统。 您可以在在线博客中找到对该系统的评论。 简要描述一个步骤，该步骤将最有效地确定该评价的可能有效性。 证明你的答案。 （目标50字，最多100字）

控制更多变量、改进测量技术、增加随机化以减少样本偏差、对实验进行盲法以及添加对照组或安慰剂组

You work for an online store, and your boss has asked you to research a specific new inventory management system that she is considering using. You find, in an online blog, a review of that system. Describe briefly one step that would be the most effective in determining the likely validity of this review. Justify your answer. (target 50 words, maximum 100 words)

controlling more variables, improving measurement technique, increasing randomization to reduce sample bias, blinding the experiment, and adding control or placebo groups

3.信息有效性 • 不同级别 • 主要来源（我的数据显示……） • 二手资料（大卫声称他的数据显示……） • 专家意见（史密斯教授认为……） • 不知情的意见（公交车上有人告诉我……）

Different levels • Primary sources (My data shows…) • Secondary sources (David claimed that his data showed …) • Expert opinion (Prof Smith thinks that …) • Uninformed opinion (Someone on the bus told me …)

4.评估来源 • 来源权威 • 必须信誉良好且可靠（我们怎么知道？？？） • 同行评审流程 • 材料的适用性 • 必须相关 • 材料充足 • 包括广泛的范围 • 支持和反对证据

Authority of the source • Must be reputable and reliable (how do we know???) • Peer review processes • Suitability of material • Must be related • Sufficiency of material • Include a wide range • Both supporting and opposing evidence

[lukaliou123]

6. Rearch研究⽅法

前言： 您已被聘为开发团队的研究人员。 确定您在项目开始时可能关注的一个关键研究领域。 需要数据。 如何收集数据与解释数据相关的风险

You have been employed as a research on the development team. Identify one key area of research that you might focus on at the beginning of the project. The data would be needed. How that data would be collected the risks associated with interpreting the data

1.What Is Data Interpretation?（什么是数据解释） 数据解释是指使用多种分析方法对数据进行审查并得出相关结论的过程。 数据的解释有助于研究人员对信息进行分类、操作和总结，以回答关键问题。

Data interpretation refers to the process of using diverse analytical methods to review data and arrive at relevant conclusions. The interpretation of data helps researchers to categorize, manipulate, and summarize the information in order to answer critical questions.

2.The purpose of research Review or synthesize existing knowledge Investigate an existing situation or problem Provide solutions to problems Explore and analyze more general issues Build or create new programs or systems explain new phenomena generate new knowledge ...or a combination of any of the above

3.量化研究与质性研究（Quantitative and Quality) • 质性研究：质性研究是研究处于自然状态下(指无人为因素干扰)的人、情况、 现象、社会环境和过程的新兴的、感性的、有解释力的和自然主义的研究方法， 目的是用描述性的术语揭示人与其所处的经验世界之间的联系。

• 量化研究：以研究者作为研究工具，在自然情境下采用多种资料收集方法，对 社会现象进行整体性研究，主要使用归纳法分析资料和形成理论，通过与研究 对象互动对其行为和意义建构获得解释性理解的一种活动。

质性研究即是一种成果以文字描述为主的呈现方式； 量化研究则是以收集和分析数据为成果的研究方法

量化研究：量化研究可被定义为用大量的数据来解释现象的研究方式，这些数据 得到以数理为基础的方法的分析，尤其是统计方法。量化研究通常用来验证已经 存在的理论。

质性研究：通过把研究对象的结构特征转变为可测量的变量，运用统计分析技 术、数学模型，揭示各变量之间真实关系和事物本质属性，及验证理论和假设的 研究活动。

4.质性研究方法：HOW AND WHY; focus on exploration and understanding, subjective 1.访谈调查法是指通过研究者与被研究者灵活深入的谈话获得完整、全面而真实的信息的方法。 2.定性观察法是指研究者根据一个大致的观察主题，在真实的情境中对被研究者进行的开放式观察的方法。 3.叙事研究法是指通过与被研究者同呼吸、共生活的方式，以活动中的故事为对象，采用归纳的方式，最后以叙事研究报告为成果展现的方法

5.量化研究方法：WHAT; focus on description and explanation, objective 1.问卷调查法是指根据一定的研究假设，设计并运用标准的统一问卷，采用标准的调查过程 （设计问卷、前测、调整后的正式测试等），在相对短的时间获得大量的信息和资料的方 法。

2. 实验法是指根据一定的研究假设，在活动中有计划地控制某些因素，以引起自变量朝着因 变量有利方向转变，并由此解释活动规律的研究方法。

3. 定量观察法是指根据事先设计好的系统化的、标准化的、结构化的计量观察表对被观察对 象进行观察，并搜集具体数据的方法。

   6.Experimental Method Advantages • 可以推断因果关系的强度。 • 能够操纵一个或多个变量。 • 被证明是一种非常有用和强大的科学方法（即，经受住了时间的 考验） Disadvantages • 严格的控制通常会产生人为的条件，这些条件可能会限制研究结 果的普遍性（即内部与外部有效性的权衡）。 • 耗时且昂贵。 • 人类行为非常复杂，无法使用实验方法进行充分研究

7.相关研究 优点是它可以检查无法检查的变量 实验操纵（例如，智商和职业状态）。 缺点是不能确定因果关系。 调查方法 采访 优势 - 全面，确保参与者理解问题，最大限度地减少缺失数据，澄清不明确的回答 缺点——费用昂贵，人们更喜欢拒绝参与，对面试官来说可能会有风险，面试官可能会偏向于回答。

8.Correlational Studies

Advantage is that it can examine variables that cannot be experimentally manipulated (e.g., IQ and occupational status). Disadvantage is that it cannot determine causality. Survey Methods

Interviews

Advantage - Comprehensive, ensure participant understands the question, minimizes missing data, enables clarification of unclear responses Disadvantage – expensive, people more like to refuse participation, can be risky for interviewer, interviewer may bias the responses

9.纵向研究 纵向研究（或纵向调查，或小组研究）是一种研究设计，其涉及在短期或 长期内对相同变量（例如，人）的重复观察（即，使用纵向数据）。它通 常是一种观察性研究，尽管它们也可以构建为纵向随机实验。 Longitudinal Design Disadvantage: Gathers data on a factor (e.g. confidence) over time. Advantage: is that you can see the time course of the development or change in the variables

10.横断面研究 又称横断面调查，因为所获得的描述性资料是 在某一时点或在一个较短时间区间内收集的，所以它客观 地反映了这一时点的疾病分布以及人们的某些特征与疾病 之间的关联。

11.Cross-Sectional Study Designs Ø Compares groups at one point in time Ø E.g., age groups, ethnic groups, disease groups. Ø Advantage is that it is an efficient way to identify possible group differences because you can study them at one point in time. ØDisadvantage is that you cannot rule out cohort effects.不能排除同群效应

12.Difference: 纵向研究：纵向研究是指研究持续较长时间，并在每个阶段使用相同样本的研究。 横断面研究：横断面研究是研究者通过样本分析特定背景、人群或其他社会现象的研究。 12.纵向研究和横断面研究的特点： 持续时间： 纵向研究：纵向研究持续时间较长。 横断面研究：横断面研究仅完成一次。 研究性质： 纵向研究：纵向研究提出了研究主题演变的思路。 横断面研究：这些研究提供了一个横断面分析。 取样： 纵向研究：为研究所选择的样本在许多情况下进行研究，以了解差异或变化。 横断面研究：样本只研究一次。

[lukaliou123]

7.系统测试

Typical Test Objects of System test include: •Applications •Hardware/Software Systems •Operating Systems •System under Test •System configuration and configuration data.

1.What are Different Types of System Testing? 可用性测试：可用性测试主要关注用户使用应用程序的易用性、处理控件的灵活性以及系统实现其目标 的能力 负载测试：负载测试对于了解软件解决方案是否可以在实际负载下工作是必要的。 回归测试：回归测试涉及执行的测试，以确保在开发过程中所做的任何更改都不会导致新的错误。它还 确保随着时间的推移添加新软件模块时不会出现旧错误。 恢复测试：恢复测试恰好证明软件解决方案是可靠的，并且可以成功地从可能的崩溃中恢复。 迁移测试：迁移测试是为了确保软件从旧系统基础设施迁移到当前系统基础设施时不会出现任何问题。 性能测试：我们进行性能测试来检查不同工作负载下的响应、稳定性、可扩展性、可靠性和其他软件质量指标。 安全测试：安全测试评估软件的安全特性，以保证、保护、真实性、机密性和信息和数据的完整性。

•Usability testing: Usability tests mainly focus on the user's ease of using the application, the flexibility in handling controls and the ability of the system to meet its objectives •Load testing: The load test is necessary to know that a software solution will work under real-life loads. •Regression testing: Regression tests involve tests performed to ensure that none of the changes made during the development process have caused new errors. It also ensures that no old errors appear when adding new software modules over time. •Recovery testing: Recovery testing happens to demonstrate that a software solution is reliable and can successfully recover from possible crashes. •Migration testing: Migration testing happens to ensure that the software moves from older system infrastructure to current system infrastructure without any problem. •Performance testing: We do Performance Testing to examine the response, stability, scalability, reliability, and other software quality metrics, under different workloads. •Security testing: Security Testing evaluates the security features of the software to guarantee, protection, authenticity, confidentiality, and integrity of information and data

2.Testing during deployment

3.验收测试 验收测试是部署软件之前的最后一个测试操作。 在软件产品完成了单元测试、集成测试和系统测试之后，产品发布之前所进行的软件测试活动。 它是技术测试的最后一个阶段，也称为交付测试。 验收测试的目的是确保软件准备就绪，并且可以让最终用户将其用于执行软件的既定功能和任务。 Also testing done during the design phase is decreasing. Since the last features are introduced later in the software development process, the emphasis on the late testing and, especially, acceptance testing has increased, while, at the same time, available time for testing work has decreased.

4.测试的局限 测试不能确定产品在所有条件下都能正常工作，而只能确定它在特定条件下不能正常工作。 永远不应仅使用测试来保证程序正常工作。 测试可以显示错误的存在，但永远不会显示错误。

Testing cannot establish that a product functions properly under all conditions, but only that it does not function properly under specific conditions. Testing alone should never be used to guarantee a program is working correctly. Testing can show the presence of errors but never their absence.

[lukaliou123]

8.Ethics

Explain the professional standards and ethical framework that guide your decision.

1.Provide a definition of the following IT-related term: Deontology

deontology （義務論）这个词来源于希腊词，意思是责任(deon) 和(logos) 的科学(或研究)。在当代道德哲学中，道义论是关于道德要求、禁止或允许选择的规范理论之一。换句话说，道义论属于指导和评估我们应该做什么的选择的道德理论（道义理论），与那些指导和评估我们是什么样的人以及应该成为什么样的人相反。

The word deontology derives from the Greek words for duty (deon) and science (or study) of (logos). In contemporary moral philosophy, deontology is one of those kinds of normative theories regarding which choices are morally required, forbidden, or permitted. In other words, deontology falls within the domain of moral theories that guide and assess our choices of what we ought to do (deontic theories), in contrast to those that guide and assess what kind of person we are and should be

2.Professional standards 专业标准 专业标准是特定专业团体的成员必须遵守的一套实践、道德和行为。 专业标准包括： 问责制——对自己的行为负责 机密性——将所有敏感信息保密，远离不应访问的人 诚实——永远诚实 正直——有强烈的道德原则 守法- 遵守其开展活动的司法管辖区的所有适用法律 忠诚- 继续致力于他们的职业 客观性——不受偏见影响或影响 透明度——公开所有相关信息，不隐瞒任何事情。

Professional standards are a set of practices, ethics, and behaviors that members of a particular professional group must adhere to. professional standards include: •Accountability – takes responsibility for their actions •Confidentiality – keeps all sensitive information private and away from those who shouldn’t have access to it •Honesty – always being truthful •Integrity – having strong moral principles •Law-abiding – follows all governing laws in the jurisdictions they perform activities •Loyalty – remain committed to their profession •Objectivity – not swayed or influenced by biases •Transparency – revealing all relevant information and not concealing anything.

3.ACS: Code of Professional Conduct(职业准则code) 1.2.1。公共利益至上 1.2.2。提高生活质量 1.2.3。诚实 1.2.4。才能 1.2.5。专业发展 1.2.6。专业精神

• 1.2.1. The Primacy of the Public Interest • 1.2.2. The Enhancement of Quality of Life • 1.2.3. Honesty • 1.2.4. Competence • 1.2.5. Professional Development • 1.2.6. Professionalism

4.Sample: Why might you consider the ACS Code of Professional Conduct to be based on deontological ethics? (target 50 words, maximum 100 words) [Hard] 为什么您会认为ACS 职业行为准则基于道义伦理？ 在回答这个问题时，一个很好的起点应该是从实际解释道义伦理（即与您的职责相关）开始，然后一 旦清楚，然后解释ACS 则具有一组价值观，并且这些价值观被表述为您的职责，而不是要实现的结果。你甚至可以举个例子——例如价值观之一是“您将努力提高受您工作影响的人的生活质量”。即你会努力，而不是你会取得特定的结果。

In answering the question, a good starting point would have been to start by actually explaining deontological ethics (i.e. relates to your duty), and then once that is clear to then explain that the ACS Code has a set of values, and that these value are phrased as duties that you have, rather than outcomes to be achieved. You could even give an example - e.g. one of the values is that "You will strive to enhance the quality of life of those affected by your work." - i.e. you will strive, rather than you will achieve a particular outcome.

5.Australian Computer Society As an IT professional you may be interested in joining the Australian Computer Society, outline the benefits of joining the ACS, what factors will influence you joining this organisation

6.What are “ethics” 什么是“道德” 礼仪： 行为和礼貌守则 不遵守可能会导致尴尬 法律： 由警察和法院执行的一系列规则 不遵守这些可能会导致罚款或监禁 道德： 一种文化普遍接受的是非标准或 社会 我们在一生中发展了一套道德体系 个人道德 个人自己的道德承诺的集合，通常在早期家庭或宗教训练中获得，但经常通过后来的反思修改 职业道德 专业人士在以专业身份行事时采用的一套标准

What are “ethics” Etiquette: Codes of behaviour and courtesy Failure to observe may lead to embarrassment Law: Series of rules that are enforced by the police and the courts Failure to observe these can result in fines or imprisonment Morals: Standards of right and wrong generally accepted by a culture or society We develop a system of morals throughout our life Personal ethics the set of an individual’s own ethical commitments, usually acquired in early home or religioustraining but often modified by later reflection Professional ethics a set of standards adopted by professionals to apply when they are acting in their professional capacity

7.sample question 作为一名 IT 项目工程师，职业道德至关重要。 但是，您知道在您的公司中，许多 IT 工程师错误地使用了来自大型供应商的未经授权的软件，您是否会忽略这种弊端，或者您会采取哪些措施？

As an IT project engineer, ethics in your professional is of utmost importance. However, you know that in your company, many of the IT engineers are incorrectly using unauthorized software from a large supplier, would you ignore it this malpractice, or what steps would you and should take?

我不会忽视它。 正如问题所说，专业在我的专业中非常重要。 但是，未经授权的软件可能会导致组织损失，从而伤害专业人员。 因此，我们不应该使用那些未经授权的软件。 • 我会先提醒他这个动作。 • 如果他仍然无视我的警告，我不介意成为举报人。 • 我会提请那些有适当权力的人注意。 • 如果失败，我会尝试其他正常渠道，例如保留正式记录、寻求法律建议和咨询我的专业机构。 I will not ignore it. As the question said, the professional is very important in my professional. However, the unauthorized software might cause a loss of organization which will hurt the professional. Therefore, we should not use those unauthorized software. • I will remind him of this action first. • If he still ignores my warn, I would not mind becoming a whistle blower. • I will bring attention to those with appropriate authority. • If that fails, I will try other normal channels, like keeping formal records, seeking legal advice and check with my professional body

Steps： 为了应对这些伦理困境 • 我将首先定义问题，在这种情况下，员工使用未经授权的软件。 • 确定利益相关者，这将涉及该员工、公司福利、其他与该员工有工作关系的员工，因为他/她的工作可能会影响其他人的工作。 • 确定实用的替代品，如其他授权软件。 • 确定每个备选方案的可衡量影响，例如估计这些备选方案带来的结果。 • 做出初步决定，例如给出一些可能的解决方案、估计每个解决方案并选择最喜欢的解决方案。 • 决定如何实施决策，例如确定实施计划 • 并在实施后监控计划

Steps: In order to deal with those ethical dilemmas • I will define the problem first, in this case, the employee uses unauthorized software. • Identify the stakeholders, it will involve this employee, the company benefits, other employees who have relation with this employee about work since his/ her work might affect others work. • Identify practical alternatives, like other authorized software. • Determine measurable impact of each alternative, like estimating the results brought by those alternatives. • Arrive at a tentative decision, like giving some possible solutions, estimating each one and choosing the preferred one. • Decide how to implement the decision, like determining the plan for implementation • and monitoring the plan after the implementation

[lukaliou123]

9.Change management

1.ADKAR model

A：意识。 让员工意识到变化。 D：愿望。 灌输改变的愿望。 K：知识。 教员工如何做出改变。 A：能力。 将知识转化为做出改变的能力。 R：强化。 通过强化新方法使改变永久化。

A: Awareness. Make employees aware of the change. D: Desire. Instill a desire to change. K: Knowledge. Teach employees how to make the change. A: Ability. Transform knowledge into the ability to make the change. R: Reinforcement. Make the change permanent by reinforcing new methods

[lukaliou123]

10.Project plan

1.问题：

您的经理在工作中要求您为新的 IT 项目构想提出建议。 讨论他需要提交给投资委员会以确保资金可用的关键要素，即需要哪些资源、技术、时间、预算等，“IT 项目：成功的基础”来自Wateridge (1995) 在这个练习中的帮助

You have been asked by your manager at work to develop a proposal for a new IT project idea. Discuss the key elements that he will require for submission to the investment committee to ensure funding is made available, i.e. what resources, technology, timing, budgets, etc. will be required, does “IT projects: a basis for success” from Wateridge (1995) help in this exercise

2.Key Planning principle: four steps（关键四步） 1.确定工作分解结构（WBS）

2. 估计所需的工作量

3. 确定活动之间的依赖关系

4. 制定项目进度表

5. Determine work breakdown structure (WBS)

6. Estimate amount of effort required

7. Determine dependencies between activities

8. Devise project schedule

详细讨论 1.确定工作分解结构（WBS）： WBS 是一个以可交付成果为导向的项目要素分组，用于组织和定义项目的总范围。它包括3个要素： • 可交付成果（可交付的产出单位） • 活动（一个主要的工作类别；每个最后 1-30 天） • 任务（构成活动的一小部分工作） 2. 估计所需的工作量： 估算工作分解结构中每个活动的持续时间是一项艰巨的任务。它通常基于以前尝试类似任务的经验。如果以前没有尝试过类似的项目，那么工作量估计就更加困难了。

3. 确定活动之间的依赖关系： 为了将工作分解结构转化为工作计划，我们需要确定哪些活动必须在其他活动开始之前完成。此类活动称为前身。完整而准确地识别前任很重要，因为它们决定了整个项目的持续时间和灵活性。项目经理必须对项目有透彻的了解，例如每项活动的性质。

4. 制定项目时间表： 基于以上三个步骤，我们可以设计项目的时间表。

1. Determine work breakdown structure (WBS): WBS is a deliverable-oriented grouping of project elements that organizes and defines the total scope of the project. It includes 3 elements: • Deliverable (a unit of output that can be delivered) • Activity (a major work category; each last 1-30 days) • Task (a small unit of work that makes up an activity)

2. Estimate amount of effort required: Estimating duration for each activity in the work breakdown structure is a difficult task. It is usually based on previous experience of attempting similar tasks. If a similar project has not previously been attempted, then effort estimation is even more difficult.

3. Determine dependencies between activities: In order to translate a work breakdown structure into a work schedule we need to determine which activities must be completed before others may begin. Such activities are called predecessors. It is important to identify predecessors completely and accurately, because they determine the duration and flexibility of the whole project. The project manager must have a thorough understanding of the project, such as the nature of each activity.

4. Devise project schedule: Based on above three steps, we can devise the schedule of the project.

[lukaliou123]

11.Project estimation

1.问题 您已获得新 ERP 系统的项目范围，并且需要估算项目成本。 描述您将采用的方法、项目成本所需的项目要素以及可能需要的资源。

You have been given a project scope for a new ERP system and are required to estimate a project costing. Describe the approach you will take, what elements of the project you will need to cost the project, and possible resources required.

2.Four elements of project estimation（项目估计四要素）:

• 努力：消耗的人力资源量，例如 人时 • 资源：人力、材料和设备 • 持续时间：完成任务所需的时间，例如：持续时间 = 努力 / 资源 • 成本：完成任务的预算，例如：成本 = 资源 * 费率

• Effort: amount of human resource consumed e.g. person-hours • Resources: human, materials, and equipment • Duration: time take to complete a task e.g: Duration = effort / resource • Cost: budget for completion for a task e.g: Cost = resource * rate

3.Five steps in project estimation（项目估计五步）

1.确定项目的SIZE • 软件指标：代码行数、功能点

2. 确定所需的 EFFORT • 人时、天、周或月

3. 决定所需的资源 • 例如。 有多少工程师或程序员

4. 计算 DURATION • 例如。 20人时，3人： ∴ 持续时间 = 20 / 3 = 6.3 小时

5. 计算成本 • 例如。 20 人小时，每小时 70 美元： ∴ 成本 = 1,400 美元

6. Determine the SIZE of the project • software metrics: lines of code, function points

7. Determine the EFFORT required • Person hours, days, weeks or months

8. Decide on the RESOURCES needed • e.g. how many engineers or programmers

9. Calculate the DURATION • e.g. 20 person-hours, 3 people: ∴ DURATION = 20 / 3 = 6.3 hours

10. Calculate the COST • e.g. 20 person-hours at $70 per hour: ∴ COST = $1,400

4.Six approaches to project estimation（项目估计的六种方法）

1.功能点分析（不常见） 2.算法成本模型（不常见） 3.分量矩阵（不常见） 4、专家判断

5. 部分的总和 6、类推

6. Function point analysis (not common)

7. Algorithmic cost models (not common)

8. Component matrix (not common)

9. Expert judgement

10. Sum of the parts

11. Estimation by analogy

5.Expert judgement – pros & cons（优点与缺点） • 优点： • 相对便宜的估算方法。 • 花费相对较少的时间和精力 • 可以在开发周期的早期应用 • 如果专家有直接的经验，就可以成功 类似系统 • 缺点： • 相当主观 • 取决于经验和判断 • 如果没有合适的专家，则不能使用 • 假设专家已经处理过类似的系统 • 假设他们都有可靠的可用数据

• Advantages:
• Relatively cheap estimation method. • Takes relatively little time and effort • Can be applied early in the development cycle • Can be successful if experts have direct experience of similar systems • Disadvantages:
• Rather subjective • Depends on experience and judgment • Cannot be used if no suitable experts available • Assumes experts have dealt with similar systems • Assumes they all have reliable data available

6.类比，利弊

使用类比 - 利弊 • 优点： • 系统的，相当快的 • 如果有足够的历史数据可用，则可以 • 可以在开发周期的早期应用 • 缺点： • 必须确定适合对系统进行分类的一组特征 • 需要一个包含系统维护的历史规模成本数据的数据库。 • 如果没有可比项目被处理过，或者如果没有合适的历史数据可用，则不能使用 Using analogy – pros & cons • Advantages:
• Systematic, fairly fast • OK if sufficient historical data available • Can be applied early in the development cycle • Disadvantages:
• Have to determine set of characteristics suitable for classifying systems • Requires a database containing systematically maintained historical size cost data. • Cannot be used if no comparable projects have ever been tackled, or if no suitable historical data is available

[lukaliou123]

12.Agile and waterfal

1.问题： 您采用了一种敏捷开发方法，其中正在逐步开发和发布新系统。 在开发过程中，您能够确定该项目最终可能会成为重大失败的最早点是什么？ 证明你的答案。 （目标50字，最多100字）

You have adopted an agile development methodology where a new system is being developed and released incrementally. What would be the earliest point in the development that you would be able to identify that the project was likely to end up being a major failure? Justify your answer. (target 50 words, maximum 100 words)

2. What is Agile ? 敏捷是一种用于项目管理和软件开发的迭代方法，可帮助团队更快、更轻松地向客户交付价值

Agile is an iterative approach to project management and software development that helps teams deliver value to their customers faster and with fewer headaches

3.敏捷六步

4.优点和缺点（复杂） 优点 •您可以更快地部署软件，因此您的客户可以更快地获得价值 •您浪费的资源更少，因为您总是处理最新的任务 •您可以更好地适应变化并更快地做出反应 • 更快的周转时间 •您可以更快地检测和修复问题和缺陷 •你花在官僚主义和忙碌工作上的时间更少 • 有一个庞大的敏捷实践者社区，您可以与他们分享知识 •您可以获得即时反馈（这也提高了团队士气） •开发人员可以根据质量检查反馈提高他们的技能 •您不必担心过早的优化 •您可以试验和测试想法，因为它的成本很低 Advantage： •You can deploy software quicker, so your customer can get value sooner rather than later •You waste fewer resources because you always work on up-to-date tasks •You can better adapt to change and respond faster •Faster turnaround times •You can detect and fix issues and defects faster •You spend less time on bureaucracy and busywork •There's a big community of Agile practitioners with whom you can share knowledge •You can get immediate feedback (which also improves team morale) •Developers can improve their skills based on QA feedback •You don't have to worry about premature optimization •You can experiment and test ideas because its costs are low

缺点 •您无法估计您需要的时间，也不了解需求的全部范围 •您不知道市场上是否需要您的软件 •您无法绘制出业务需求，因此设计需要通过反复试验得出 •您可以无限制地接触准备好广泛参与的客户 •您无需立即交付功能齐全的软件即可进行迭代 •您和您的客户都没有复杂的官僚作风，会延误决策 •客户没有固定的预算/时间表 •你需要在有任何竞争之前占领市场 •您的客户在更新他们的软件时不会遇到问题（或者甚至没有注意到它，例如，他们使用网络应用程序） •You can't estimate the time you'll need and don't know the full scope of requirements •You don't know whether there's a need on the market for your software •You can't map out the business needs, so the design needs to emerge through trial and error •You have unlimited access to your customer who's ready for extensive involvement •You and don't need to deliver fully functional software at once can afford to iterate •Neither you nor your client has a complex bureaucracy that delays decision-making •Clients don't have a fixed budget/schedule •You need to capture the market before there's any competition •Your customers don't have trouble updating their software (or don't even notice it, e.g., they use a web app)

5.优点和缺点（精简） 敏捷优点： 敏捷的灵活性避免了僵化。 利益相关者和团队成员有机会在整个项目中进行观察和测试，从而可以随着事情的发展进行调整和更改。 这种更大的“用户关注”意味着在交付时结果可能会更符合预期——即使它们在此过程中已经发展。 敏捷鼓励团队合作、协作、自组织和问责制。 这有助于提高对项目成果和目标的整体动力和承诺。 敏捷的缺点： 由于其灵活性，如果变更没有得到有效管理和沟通，敏捷项目可能会随着优先级的转移而在组织的其他领域引发问题。 对于刚开始以敏捷方式工作的团队来说，在开发范围时，人们可能会不确定他们应该关注什么 Agile pros: Agile’s flexibility avoids rigidity. Stakeholders and team members have opportunities to observe and test throughout the project which allows for adjustments and changes to be made as things move forward. This greater ‘user focus’ means that on delivery it’s likely the outcome will be more in line with expectations – even if they have evolved along the way. Agile encourages teamwork, collaboration, self-organisation and accountability. This helps with overall motivation and commitment to a project’s outcomes and goals. Agile cons: Because of its flexibility, an Agile project can run the risk of causing problems in other areas of the organisation as priorities shift if the changes are not managed and communicated effectively. For teams new to working in an Agile way, there is a risk that people can feel unsure of what they should focus on when the scope is developing

6.What is Waterfall 瀑布方法（也称为瀑布模型）是一个顺序开发过程，它像瀑布一样流经项目的所有阶段（例如，分析、设计、开发和测试），每个阶段在下一个阶段之前完全结束 阶段开始。

The Waterfall methodology—also known as the Waterfall model—is a sequential development process that flows like a waterfall through all phases of a project (analysis, design, development, and testing, for example), with each phase completely wrapping up before the next phase begins.

7.瀑布优缺点 瀑布优点： •瀑布对于定义明确的项目特别有效。 项目利益相关者预先就将交付的内容达成一致，这使得规划和设计变得更加容易。 由于从一开始就知道项目的全部范围，因此更容易跟踪进度。 • 与敏捷不同，这种更线性的方法通常意味着团队成员只需要在其特定的项目阶段可用，因此可以继续专注于其他领域。 同样，项目的客户可能只需要大量参与早期的初始范围界定阶段，然后是交付。 瀑布缺点： •不利的一面是，Waterfall 需要预先提出全面的要求，这对于更复杂或更长期的项目有时可能具有挑战性。 • 它的顺序性和对预先规划的依赖意味着项目具有一定的刚性，如果不重新设计所有这些预先制定的计划，就难以部署项目中期的支点或方向转变。

Waterfall pros: •Waterfall is particularly efficient for well-defined projects. Project stakeholders agree upfront on what will be delivered, which makes planning and design much easier. Progress is more easily tracked as the full scope of the project is known from the beginning. •Unlike Agile, this more linear approach often means that team members only need to be available for their specific project phases and can thus continue to focus in other areas. Equally a project’s customers may only need to be involved heavily in the early initial scoping phase and then at delivery. Waterfall cons: •On the downside, Waterfall requires comprehensive requirements up front which can sometimes be challenging for more complex or longer-term projects. •Its sequential nature and reliance on pre-planning means there is a certain rigidity built into the project that makes mid-project pivots or directional shifts difficult to deploy without re-engineering all those pre-made plans.

8.Agile VS Waterfall

敏捷 当项目基于渐进式进展、复杂的可交付成果或多个（并不总是连续的）时间线时，敏捷是有意义的。需要凝聚力和协作但跨职能团队交付的项目将需要采用敏捷方法。如果流程或角色不明确，则可以在项目进行时为解决问题留出空间。它还允许项目客户在此过程中的任何阶段参与。分阶段、更新或版本开发的产品特别适合敏捷。

瀑布 瀑布通常更适合不太复杂的项目或那些对团队成员有明确定义的要求、流程和角色的项目。具有大量细节的单一交付时间框架以及在此过程中几乎不会发生变化的预期是理想的。当客户在最初的简短和最终交付之外不需要大量参与时，瀑布也很有效。从管理的角度来看，瀑布通常对固定价格或依赖合同的项目有意义，以降低预算或交付超支的风险。

Agile makes sense where a project is based on incremental progress, complex deliverables ormultiple, not always sequential timelines. Projects that require cohesive and collaborative but cross- functional teams to deliver will need to take an Agile approach. If processes or roles are unclear it makes room for figuring it out as the project goes along. It also allows for involving the project client at any stage along the way. Products that are developed in stages, updates or versions are particularly suited to Agile.

Waterfall Waterfall is usually more suited to less complex projects or those that have well defined requirements, processes and roles for team members. Single delivery timeframes with lots of detail and an expectation that very little is likely to change along the way are ideal. Waterfall also works well when the client is not required to be heavily involved beyond the initial brief and final delivery. From a management point of view, Waterfall can often make sense for fixed-price or contract dependent projects in order to lessen the risk of budget or delivery over-runs.

9.小补充 一个有趣的事实是，在使用瀑布模型的 67% 的专家中，敏捷模型的一个特定特征得到了实施，即与客户和/或利益相关者的频繁接触。 这些公司的参与专家提到了瀑布模型适应敏捷的趋势，更加关注环境变化和客户或利益相关者的需求。 An interesting fact was that in the case of 67% of the experts, that used the Waterfall model, a specific characteristic of the Agile model was implemented, namely the frequent contact with the customers and/or stakeholders. The participating experts in these companies mentioned a tendency of adaptation of the Waterfall model towards Agile in the direction of more focus on environmental changes and customer or stakeholders’ needs.

[lukaliou123]

13. Decision making

Decision Making • Identify the problem. • What are the company’s choices? • Gather information: • What information should the company gather that would be helpful to know before making a decision? • Consider the outcome. • What would be the results of the decision? • Make the decision. • What should the company do? • Evaluate your decision. • Why do you think this is the best decision possible?

[lukaliou123]

14.Communication

1.问题： Your manager has fallen sick and you are required to make a presentation to the Chief Information Officer and his senior management team on the progress of the new CRM system. You have 10 minutes to give them an update. What are the key elements of your talk?

2.演示文稿剖析

1. 讯息 2.结构
2. 时机 4、物理因素 5、个人因素
3. 视觉效果 - 简报

Anatomy of a presentation

1. The Message
2. Structure
3. Timing
4. Physical factors
5. Personal factors
6. Visuals - Powerpoint

3.详细剖析

[lukaliou123]

15.Business Intelligence

1.问题 您的经理要求您采购一个新的商业智能软件包，概述您在为您的公司采购这个新软件包时要寻找的关键要素？ You are asked by your manager to source a new Business Intelligence software package, outline the key elements that you would look for when sourcing this new package for your company?

2.What is Business Intelligence? • Data • Business Intelligence Tools (ETL) • Online Analytical Processing (OLAP) Business Intelligence enables the business to make intelligent, fact-based decisions

3.Four key components of a BI system 1.包含内部和外部数据的数据仓库

2. 用于操作、挖掘和分析数据的业务分析工具
3. 一套用于监控和分析绩效的业务绩效指标 4.用户界面 1.Data warehouse containing both internal and external data
4. Business analytic tools for manipulating, mining, and analyzing data
5. A set of business performance indicators for monitoring and analyzing performance 4.User interface

4.Benefits of business intelligence tools（工具的好处） 商业智能工具的好处 • “一个版本的真相”——企业信息的单一、可靠的呈现 • 组织围绕一组一致的关键绩效指标 (KPI) 和指标进行调整 • 集成访问多个数据源（ERP、CRM、电子表格、预算等） • 更快地收集和传播信息。 • KPI 和指标的简化图形表示 • 更快、更好、基于事实的决策

• ‘One version of the truth’ – a single, reliable presentation of corporate information • Alignment of an organization around a consistent set of Key Performance Indicators (KPIs) and Metrics • Integrated access to multiple data sources (ERP, CRM,Spreadsheets, Budgets, etc.) • Faster collection and dissemination of information. • Simplified graphical presentation of KPIs and metrics • Quicker, better, fact-based decision making

商业智能系统在需要时提供准确的信息……。 关于组织及其环境，包括（几乎）实时查看公司状态和绩效

A Business intelligence system provides accurate information when needed…. about the organisation and its environment, including a (nearly) real-time view of corporate status and performance

5.1.Data Warehouse（数据仓库）

一个物理存储库，其中关系数据经过专门组织，以标准化格式提供企业范围内的清 理数据。 “数据仓库是集成的、面向主题的数据库设计的集合，旨在支持DSS 功能，其中每 个数据单元都是非易失性的，并且与某个时间点相关。”

• A physical repository where relational data are specially organised to provide enterprise-wide, cleansed data in a standardised format • “The data warehouse is a collection of integrated, subject-oriented databases design to support DSS functions, where each unit of data is non-volatile and relevant to some moment in time.”

数据仓库是一种面向商务智能(BI) 活动（尤其是分析）的数据管理系统，它仅适用于查询和分析，通常涉及大量的历史数据。 在实际应用中，数据仓库中的数据一般来自应用日志文件和事务应用等 广泛来源。 数据仓库可集中、整合多个信息源的大量数据，借助数据仓库的分析功 能，企业可从数据中获得宝贵的业务洞察，改善决策

5.2.数据库和数据仓库的区别 数据库Database (Oracle, Mysql, PostgreSQL)主要用于事务处理， 数据仓库Datawarehouse (Amazon Redshift, Hive)主要用于数据分析。 用途上的不同决定了这两种架构的特点不同。 数据库(Database)的特点是： •相对复杂的表格结构，存储结构相对紧致，少冗余数据。 •读和写都有优化。 •相对简单的read/write query，单次作用于相对的少量数据。

数据仓库(Datawarehouse)的特点是： •相对简单的(Denormalized)表格结构，存储结构相对松散，多冗余数据。 •一般只是读优化。 •相对复杂的read query，单次作用于相对大量的数据（历史数据）。

5.3.数据仓库的四个基本特征 1 ⾯向主题 2 集成 3 ⾮易失 4 时变性

5.4.Characteristics of a data warehouse • Subject oriented • Integrated • Time-variant (time series) • Nonvolatile • Summarized • Non-normalized • Metadata • Web based, relational/multi-dimensional • Client/server • Real-time and/or right-time (active)

5.5.Benefits of a data warehouse • One view of the corporate data • Allows end users to perform extensive analysis more efficiently • Allows a consolidated view of corporate data • Better quality data • More timely information • Enhanced system performance • Simplified data access

6.1.Online Analytical Processing (OLAP) • 提供高级决策工具 • 一种回答即席多维分析查询的方法 • 更广泛的“商业智能”领域的一部分 • 包含报告和数据挖掘

• Provides advanced tools for decision making • An approach to answering ad hoc multi-dimensional analytical queries • Part of the broader field of ‘business intelligence’ • Incorporates reporting and data mining

6.2.Provide a definition of the following IT-related term: Analytics 分析是对数据或统计数据的系统计算分析。[1]它用于发现、解释和交流数据 中有意义的模式。它还需要将数据模式应用于有效的决策。它在记录信息丰 富的领域可能很有价值；分析依赖于同时应用统计、计算机编程和运筹学来 量化绩效

Analytics is the systematic computational analysis of data or statistics.[1] It is used for the discovery, interpretation, and communication of meaningful patterns in data. It also entails applying data patterns toward effective decision-making. It can be valuable in areas rich with recorded information; analytics relies on the simultaneous application of statistics, computer programming, and operations research to quantify performance.

6.3.OLAP operations

1. Slicing
2. Dicing
3. Drill down
4. Roll up
5. Pivot

7.ETL(Extract-Tra n s fo r m -Load) 从包括组织外部的多个不同数据源中提取数据 转换数据以满足运营需求 将数据加载到目标数据库、数据集市或数据仓库

• Extract data from multiple diverse data sources including those outside the organisation • Transform data to fit operational needs, including ‘cleansing’ (quality) • Load data into target database, data mart or data warehouse

8.总结

[lukaliou123]

16.Security

ITIL Characteristic 11 流程包含： 服务支持包括服务台、事故管理、 疑问管理、配置管理、变更管理和 揭晓管理。服务交付包括服务级别管理、成本 管理、持续性管理、可用性管理和 容量管理

2.Malware attacks（恶意软件攻击） 攻击类型 • 拒绝服务 - 电子邮件和垃圾邮件 • 秘密获取数据 - 特洛伊木马 • 零日攻击 - 特定行动 • 网络钓鱼攻击 - 使用电子邮件窃取个人数据

恶意软件的种类 • 复制——拒绝服务 •不可复制 – 间谍软件：以经济利益为动力的新趋势

Kinds of attack • Denial of service - emails and spam • Clandestine acquisition of data - trojans • Zero-day attack - specific actions • Phishing attack - using email to steal personal data

Kinds of malicious software • Replicating – denial of service • Non-replicating – spyware: new trend towards financial gain as motivation

3.Five categories of security threats(五种安全威胁） 1. 无意行为 • 人为错误、粗心大意、无知 2. 自然灾害 • 停电、火灾、洪水、地震 3.技术故障 • 硬件故障、软件故障 4.管理失误 • 无效的程序和控制 5. 故意行为 • 故意破坏和恶意破坏

1. Unintentional acts • Human error, carelessness, ignorance
2. Natural disasters • Power outage, fire, flood, earthquake
3. Technical failures • Hardware failure, software failure
4. Management failures • Ineffective procedures and controls
5. Deliberate acts • Vandalism and malicious damage

4.Protecting data(保护数据） • 隐私 • 您应该存储这些数据吗？ • 它是干什么用的？ 这一切都是必要的吗？ • 准确性 • 它是否正确、完整和最新？ • 财产 • 谁拥有它？ 可以卖给别人吗？ • 可访问性 • 保密性：谁可以访问数据？ • 何时何地可以使用它？ • Privacy • should you store this data? • what is it for? is it all necessary? • Accuracy • is it correct, complete and current? • Property • who owns it? can it be sold to others? • Accessibility • confidentiality: who has access to the data? • when and for what purpose may it be used?‘

5.Factors making security harder（让安全变得更难得因素）

• 更复杂的系统、分布式数据、非托管设备 • 犯罪分子变得更聪明：越来越多的威胁 • 犯罪往往长期未被发现 • 广泛的用户，大部分是非专家 • 管理层没有意识到问题 • 安全措施通常不方便 • 成本高昂 • 难以量化的好处 • More complex systems, distributed data, unmanaged devices • Criminals becoming cleverer: more and more threats • Crimes often not detected for long periods • Wide range of users, mostly non-expert • Management unaware of problems • Security measures often inconvenient • Costs substantial • Benefits hard to quantify

6.Other major sources of risk • IT department employees • Human Resources department employees • Managers • Consultants • Cleaners • Outsiders, hackers etc • ‘Social engineering’

7.Planning for business continuity • Backup procedures • Routine backups • Adequate, complete, incremental • Mirroring • Disaster recovery • Data, equipment, people • ‘Hot’ sites • Practice • System audit

8.Provide a definition of the following IT-related term: Creep（重点） IT 项目中的缓慢变化通常是指在初始范围达成一致后，在项目期间增量和持续发生的典型小变化（通常在需求、功能或范围方面——它们都是相互关联的），它们共同构成一个重大变化。 在项目中转移。

其中的关键方面是变化不断发生。 通常，每个更改都足够小，不会引发对项目预算或成本的重新协商，但是当您将所有小的更改加在一起时，它们代表了一个足以成为重大问题的重大更改。 （这通常与“煮青蛙原理”有关 - 参见 https://en.wikipedia.org/wiki/Boiling_frog）。 Creep in an IT project typically refers to typically small changes (typically either in requirements, features or scope - which are all inter-related) that occur incrementally and continuously during a project after the initial scope has been agreed, and which collectively form a major shift in the project. The key aspect in this is that the changes occur continuously. Often each change will be small enough that it doesn't trigger a renegotiation of the budget or cost of the project, but when you add all of the small changes together, they represent a major change that is sufficient to be a significant problem. (This is often related to the "boiling frog principle" - see https://en.wikipedia.org/wiki/Boiling_frog).

[lukaliou123]

17.Risk

可能的风险： • 特定任务超时 • 员工生病 • 员工离职 • 技术“障碍”——对发明的需求 • 技术故障 • 逾期送达 • 不符合规范 • 预算超支

会做什么 • 规避风险 更改项目计划以消除风险或条件。 例子： • 使用旧的、久经考验的软件或技术，而不是“流血”的优势 • 使电站远离故障线和海岸 • 降低风险

降低不良事件发生的可能性 减少不良事件的影响。 例子： • 确保良好的员工条件 • 雇用多名可以互相照顾的员工 • 在项目进度表中添加一些松弛 • 同时进行多个项目 • 制定灾难恢复计划 • 转移风险 支付溢价以将风险转嫁给另一方 例子： • 购买保险 • 对延迟交货的承包商进行处罚 • 外包项目的关键要素 • 分担风险 将风险分配给各方 例子： • 合资企业 • 分布式任务 • 接受风险 有意识地决定接受风险并在事件发生时处理

确保项目按时交付： 风险管理 • 在不确定的情况下做出明智的决定。 • 经理必须平衡每项行动提供的机会与可能 相关风险的负面后果。 • 现在就未来的可能性做出决定，而不是必须在未来做出决定。 • 主动而不是被动。

风险管理涉及

识别风险包括确定哪些风险可能影响项目并记录每个风险的特征。

评估风险涉及根据风险发生的概率和影响确定风险的优先级。规划风险应对措施包括采取措施增加机会并减少对实现项目目标的威胁。

监测和控制风险包括监测已识别的和剩余的风险、识别新的风险、执行风险应对计划以及在项目的整个生命周期内评估风险策略的有效性。 Possible risks: • Time overrun on particular task • Staff illness • Staff leaving • Technical ‘hitch’ - need for invention • Technology failure • Late delivery • Failure to meet specifications • Budget overrun What will do
• Avoiding Risk Change the project plan to eliminate the risk or condition. Examples: • Use older well-tried software or technology, rather than ‘bleeding’ edge • Locate power station away from fault line and the coast • Mitigating Risk

Reduce the likelihood an adverse event will occur Reduce impact of adverse event. Examples: • Ensure good staff conditions • Employ multiple employees who can cover for each other • Build some slack into the project schedule • Have several projects on the go concurrently • Have disaster recovery plan in place • Transferring Risk Pay a premium to pass the risk to another party Examples: • Take out insurance • Impose penalties on contractors for late delivery • Outsource critical elements of the project • Sharing Risk Allocating risk to different parties Examples: • Joint ventures • Distributed tasks • Accepting Risk Making a conscious decision to accept the risk and deal with the event if it happens

Ensure timely delivery of the project: Risk management • Making informed decisions under conditions of uncertainty. • The manager must balance the opportunity offered by each action against possible negative consequence of associated risks. • Making decisions now, about future possibilities, rather than having to make them in the future. • Being active rather than passive.

Risk management involves Identifying risks involves determining which risks are likely to affect a project and documenting the characteristics of each.

Assessing risk involves prioritizing risks based on their probability and impact of occurrence. Planning risk responses involves taking steps to enhance opportunities and reduce threats to meeting project objectives.

Monitoring and controlling risk involves monitoring identified and residual risks, identifying new risks, carrying out risk response plans, and evaluating the effectiveness of risk strategies throughout the life of the project.

[lukaliou123]

18.零碎的观念

1.Co-design Designing with involvement of users.

2.OCM Organizational change management

3.triple constraint costs, time, and scope

4.open-ended survey question. Any question without a predefined answer is an open-ended question. Survey an employer with a small team

5.Ethics, etiquette(礼仪），Moral Standards adopted by a group of people to apply to their actions Codes of behaviour and courtesy Standards of right and wrong generally accepted by a culture or society

6.The purpose of a stress test on an IT system is to: Load the system until it fails to determine the effects of overloading

7.Scope Creep It is the change, uncontrolled growth in a project's scope, at any point that after the project begin