MCS 214 Final Exam study guide Design layers.doc (additional concepts) Know topics as listed MVC-D concept Three Tiered concept This way the Domain Model is independent of the user interface and the actual DBMS used. Either user interface and/or DBMS can be changed without changing the Domain Model. This is the major advantage of a layered system design. The system is built of interchangeable parts. Quick Guide to Indices.doc Know topics as listed What an index is and the function it provides The basic rules for choosing indices Intro to design g4.doc Know topics as listed Elements of clarity in visual design Elements of coherence in visual design Elements of elegance in visual design Focusing on user’s goals Guidelines for designing usable interfaces Style guidelines for color Style guidelines for fonts Style guidelines for buttons Style guidelines for feedback messages Style guidelines for warning messages Style guidelines for error messages MCS21414.ppt Know topics as listed How decision making relates to problem solving Programmed vs non-programmed decisions Problem solving approaches Sources of managerial information Reports generated by an MIS (2 slides) Types of MIS (functional aspects) Types of reports generated by financial MIS Types of reports generated by manufacturing MIS Types of reports generated by marketing MIS Types of reports generated by human resource MIS Capabilities of a decision support system Comparison of DSS and MIS Conceptual model of a DSS Configuration of a (group) DSS Executive support systems in perspective Capabilities of an ESS Presentation of information The format should help convey or enhance the content. The format should not obscure the content. Compare Lincoln’s Gettysburg Address in text and in powerpoint See ,for example, LGA.doc vs LGA.ppt MCS21415.ppt Know topics as listed The nature of intelligence (2 slides) Comparison of NI and AI Conceptual model of AI Characteristics of an expert system (2 slides) When to use expert systems Components of an expert system Relationships among data, information, and knowledge Expert systems development Participants in developing and using expert systems Domain expert Virtual reality Expert.doc Know basic concepts as follows Intelligent Database (KnowledgeBase) consists of a database of facts(data), procedures(methods), and Rules and an automated way to connect facts and rules and reach conclusions A rule captures a set of actions to perform in response to some information (facts) Inference engine is the part of a knowledgebase / expert system which applies the rules to the facts in order to possibly reach some goal or conclusion Representing knowledge so that valid inferences can be made is called “knowledge representation” Forwards chaining - given the if part is true what conclusions can be made (made be very many possibilities) If A then B, if B then C, if C then D ---------------- given A as a fact Backwards chaining – given a goal can it be satisfied -- Consider an If Then can I justify the then part by showing that the if is satisfied …… D if C, C if B, B if A---------------------------can I justify the conclusion D by verifying C is a fact which depends on B being a fact which depends on verifying that A is a fact There is a trend to incorporate something like an “expert programmer system “ into computer languages where the difficult repetitive error prone parts of a program is done by the expert system rather than by the human programmer. This way the human developer can concentrate on the business logic rules (the most important part of the system) and not have to spend a lot of time on the overall control flow (agenda). Expert like systems already handle database interactions (SQL) and user interface/presentation issues (UI graphical designers) Imperative language -- specify in detail how to do something (java for example) In an Imperative language the emphasis is on “How to do”—the system needs to be told in detail how to accomplish something Declarative language – specify what you want done (the language itself knows how to accomplish it) (SQL, Prolog for example) In a Declarative language the emphasis is on “What to do” – the system can figure out on its own how to accomplish it (and probably in a better way than the average designer/programmer) ERP-intro.pdf Know topics as listed Historical perspective Predictions of future computing 1958 computing environment General purpose computing 1965 Proposed Model 1965 limitations Islands of information 1982 Evolution of Info Tech What is Enterprise Resource Planning Realization and improvements of the 1965 Goal Characteristics of ERPs ERP typical honeycomb structure e-Business and marketing.ppt Know topics as listed Benefits of E-business Major Trends driving E-business Traditional vs new entrants Challenging traditional value e-business structure patterns (overall view) customer relationship management (CRM – definition slide) CybersecuritySummary.doc Know topics as listed IT infrastructure is essential to virtually all of the US infrastructures IT infrastructure is highly vulnerable to terrorist and criminal attacks SCADA systems are very important and very vulnerable Acts of a hostile party can propagate far and wide It will require a tremendous effort to provide critical infrastructure protection Software is a major vulnerability in that the development process does not really provide for minimizing security vulnerabilities Cyber attacks and vulnerabilities are growing rapidly Endless security patching of systems is not the answer Perimeter defense model is inadequate and needs to be replaced perhaps with a principle of mutual suspicion Cybersecurity must become an automatic part of system development Phishing.doc Know topics as listed What phishing is Some steps to avoid phishing scams Computer Security PPT.pdf Know topics as listed What is Information Security Who are the hackers Types of Attacks Countermeasures Miscellaneous Tips SANS IT Code of Ethics.doc Know the three key principles and what they mean 1. I will strive to know myself, be honest about my capability, and understand the responsibilities of my position. (such as I will strive for technical excellence in the IT profession by maintaining and enhancing my own knowledge and skills. I will not hesitate to seek assistance or guidance when faced with a task beyond my abilities or experience. I will embrace other professionals' advice and learn from their experiences and mistakes. I will strive to convey any knowledge (specialist or otherwise) that I have gained to others so everyone gains the benefit of each other's knowledge. I will teach the willing and empower others with Industry Best Practices (IBP). I will not advance private interests at the expense of end users, colleagues, or my employer. I will not abuse my power. I will use my technical knowledge, user rights, and permissions only to fulfill my responsibilities to my employer. I will not tolerate those who lie, steal, or cheat as a means of success in IT.) 2. I will conduct my business in a manner that assures the IT profession is considered one of integrity and professionalism. (such as I will not injure others, their property, reputation, or employment by false or malicious action. I will adhere to Industry Best Practices (IBP) for system design, rollout, hardening and testing. I am obligated to report all system vulnerabilities that might result in significant damage. I respect intellectual property and will be careful to give credit for other's work. I will accurately document my setup procedures and any modifications I have done.) 3. I respect privacy, confidentiality, and diversity. (such as I respect the privacy of my co-workers' information. I will obtain permission before probing systems on a network for vulnerabilities. I respect the right to confidentiality with my employers, clients, and users except as dictated by applicable law. I respect human dignity. I treasure and will defend equality, justice and respect for others. I will not participate in any form of discrimination.) Top 10.doc Know that IT Failures are (unfortunately) rather common. Responsibility.doc Know Therac Incident as an example of almost complete incompetence in design, implementation, testing, review, documentation etc which resulted in injury and loss of lives “With great power also comes great responsibility.” Ariane5Failure.ppt Know the Ariane Incident as an example of a costly IT failure. Know the lessons learned. Don’t run software in critical systems unless it is actually needed. As well as testing for what the system should do, you may also have to test for what the system should not do. Do not have a default exception handling response which is system shut-down in systems that have no fail-safe state. In critical computations, always return best effort values even if the absolutely correct values cannot be computed. Wherever possible, use real equipment and not simulations. Improve the review process to include external participants and review all assumptions made in the code. The designer’s of Ariane 5 made a critical and elementary error. They designed a system where a single component failure could cause the entire system to fail. As a general rule, critical systems should always be designed to avoid a single point of failure. LASFailure.ppt Know the LAS Incident as another example of a major IT (not just a failure) fiasco. Know the lessons learned Focus on repairing reputation of CAD within the service; Increasing sense of ‘ownership’ for all stakeholders; Development process must allow fully for consultation, quality assurance, testing, training; Management and staff must have total, demonstrable, confidence in the reliability of the system; Any new system should be introduced in a stepwise approach Wikileaks Gov IT.doc Dangers of insecure cross domain data sharing It Pros go bad.doc The Best Defense Is Multifaceted Stuxnet.doc SCADA system attack wake-up call Doomed by Default Passwords.doc SCADA (especially legacy) systems are very vulnerable and should be checked for security problems. SCADA systems are under attack like never before, and administrators can no longer count on obscurity as their greatest protector. Cyber Threat.doc The threat of cyber attacks is very real and the threat is increasing. We are in general not very well prepared for such an attack.