ISM Final Exam Review GuideCHAPTER 6What is SDLC: (Systems Development Life Cycle) structured step-by-step approach for developing information systemsaka: Waterfall Methodology (each phase is followed by one another)Seven Phases in SDLC:1.Planning – develop project plan2.Analysis – gather system requirements3.Design – design system4.Development – build the system5.Testing – test the system6.Implementation – detailed documentation; user training7.Maintenance – support system users; maintain supportive environmentPlanning Phase:1.define system to be developed; choose Critical Success Factor (CSF)2.set project scope (defines system requirements)3.develop project planProject Plan – defines what/when/who of system developmentProject Manager – defines, develops, + tracks projectProject Milestones – key dates for which certain aspects doneAnalysis Phase:1.gather business requirementsBusiness Requirements – requests system must meetJoint Application Development (JAD) – define/review of system’s business requirements (done by workers + IT)2.prioritize requirementsRequirements Definition Document – prioritizes business requirements in single documentDesign Phase:1.design technical architectureTechnical Architecture – hardware, software, telecommunications required for system2.design system modelsDevelopment Phase:1.build technical architecture2.build database + programsTesting Phase:1.write test conditions – detailed steps system must perform2.perform system testingImplementation Phase:1.write detailed user documentationUser Documentation – shows how to use the system2.prove training for system users (online or workshop)Maintenance Phase:1.build help desk to support system usersHelp Desk – group of people who respond to questions2.provide supportive environmentCharacteristics of SDLC:Context: method originally for old computersSize: BIG applicationsCost: highRigidity:Not IterativeComponent-Based Development (CBD): focuses on building small self-contained blocks of components that can be reused across variety of applications-Standard Interface-Loosely CoupledRapid Application Development (RAD): (aka rapid prototyping) emphasizes extensive user involvement to accelerate system’s development process-development team is continuously designing, developing, + testing prototypes(not on study guide)Selfsourcing (End-User Development): development + support of IT systems by end users with little/no help from IT specialists-do-it-yourself approach-more acceptable for developing smaller systems-design/development/testing/implementation replaced by prototypingAdvantages of Selfsourcing:-improves requirements determination-increases end-user participation-increases speed of systems development-reduces invisible backlog (list of all systems that an organization needs to develop but doesn’t have resources to do so)Disadvantages of Selfsourcing:-potential for inadequately developed systems-lack of organizational focus  “privatized” systems-insufficient design analysis  subpar systems-lack of documentation + external support  short-lived systemsOutsourcing: delegation of specified work to third party (specified length of time, specified cost, specified level of service)Outsourcing Options: (purchase existing software and then…)1.pay to have certain modifications made2.pay for right to make modifications yourself3.pay for entirely new + unique system to be createdAdvantages of Outsourcing:-focus on unique core competencies-exploit intellect of another organization-better predict future costs-acquire leading-edge technology-improve performanceDisadvantages of Outsourcing:-reduces technical know-how-reduces degree of control-increases vulnerability-increases dependencyCHAPTER 7IT Infrastructure: implementation of your organization’s architecture(includes hardware, software, information)Software Infrastructure:ERP – collection of integrated software for businesses; replaces “islands of information + processes”SOA – (Service-Oriented Architecture) software architecture perspective that focuses on development, use, + reuse of small self-contained servicesGoal: to meet all application software needsERP + SOA-plug-and-play components/services-all modules are interoperable-IT infrastructure beneath are hidden from usersClient/Server Network Infrastructure: one or more computers that are servers which provide services to other computers (clients)Features: servers + clients work together to optimize processing, info storage, etc.Pros: offloads info processing burden from the serverCons: places heavy load on network capacityFive Models of Client/Server Network Infrastructure:1.Distributed Presentation – server handles almost all functions2.Rempte Presentation – client handles all presentation functions3.Distributed Logic – server handles all data management; client handles all presentation formatting; logic processing is shared4.Remote Data Management – server handles data management only; client formats presentation + processes business rules5.Distributed Data Management – client handles all presentation formatting + business rule processing; data management duties are sharedTiered Infrastructure: IT system is partitioned into layers, where each layer performs specific type of functionality; tiered to represent types of client/server network3-Tier Infrastructure: client, application server, database serverex: webN-Tier Infrastructure: scalable 3-tier structure with more serversCHAPTER 8Phishing: program/system/website that pretends to be authentic to gain personal information for purpose of identity theftCookie: small file containing info about you + your web activities, which a web site places on your computerAnonymous Web Browsing (AWB): hides your identity from web sites you visit based on web proxy technologyTechniques of Hackers:Vulnerability Scanner – part of intrusion detection system in firewallsComputer Virus – software written with malicious intent to cause annoyance/damageDoS Attach – floods web site with so many service requests it slows down/crashes (Denial-of-Service Attack)Packet Sniffer – examines info passing by your computer or other network devicesComputer Security Goals: AvailabilityConfidentialityIntegrityTypes of Computer Security:1.Hardware Security Threats: drinks/food, kicked/bumpedControls: good use policy, backup2.Software SecurityThreats: virus, malfunction, improper accessibilityControls: anti-virus,