Profession: paid occupation, involve training and a formal qualification = knowledge & skills & Qualifications & Certification

& Knowledge & ethical

standard. Practice: actual app or use idea, belief, or method, as opposed to theories relating to it. Professionalism: ability to suppose to do and
not to do. qualities: trustworthiness, honesty,punctuality, responsibility, leadership, confidentiality, competency. why 5990: IT(major investment
for org; critical for creating value; matters to organisations; PP provide sk and knowledge to enhance your technical sk in org context (doing well);
why important: For technical specialists, you need to understand the organisation to be a digital driver from wherever you are in the organisation.
IT value: Administration: invoices, communication, emails - v = economies of scale; Business; finance and accounting - business plans;
communications - email,message ; engineer and creative - modeling; wildlife and tourism and hospitality; v = lower costs both for; role of IT -
provide v by change business functions and processes are carried out, provide new f and enabling new business mod. Business Landscape:
Business - Globalization, Deregulation, Competition; Technology - Power of Web, Information vs. Data; Customers - More sophisticated, More
demanding; Markets - Fragmented, Mass customization. IT people need to understand the changing role and orga works: Business processes and
transformation; agile env; customer and client expectations; business value. Diversity: stronger, broader narrative about case for diversity(feel
relevant, shared goal); Accurately reflects an individual's intersectional complexity; demographic equality; lack of diverse led to under-utilization of
available talent and under recruitment of potentially valuable employees. Dispersing - Moved from niche eco product depedent on highly
specialized expertise to become a major source of economic vitality. best available talent to create value; solve important probs needs diverse
talent; bring perspectives from all backgrounds; talent-diverse env. Org: structure group of peo, particular goal, create value for stakeholders
(customer, client, shareholder, employee, communities, citizens). Org structure: top down - traditional bank, army - structure broken down into
various functions with a hierachical approach (committees board, CEO, department); networked (linked, dont store)- ride-sharing or, e-commerce
market - small headquarters, geo-dispersed satellite offices, key funcs oursourced to other firms and consultants. Value: importance, worth,
usefulness sth, as perceived by a per, or a group of peo. Org value: fundamental to everything an org does; the exists of org is to provide value
and return to stakeholder. value stream: collection of 'capabilities'. resources: what org owns - tangible&intangible; capabilities: refer to what
the org can do by using those resources. IT investment: money org spends on IT-related resources and capabilities that to create value (hard /
software, data, people, process & framework) - can be internal or external. How create org v: aligning IT and business.Org(Business) goals an
endpoint, accomplishment or target. set direction of org, measure progress (milestone), establish accountability (management), improve decision
making. Org objective: method, path and metrics that help an org achieve a goal. Org strategy: a plan to achieve the goal and objective. Diff
goals & obj: goal = direction and achieve sth; obj = methods / paths to get goal. Business model: framework for create v, a description of how
an org creates, delivers and capture v, based on business strategy. 4 components: customerss/clients/users; value proposition; financial model;
capabilities. mostly have more than 1 b model target to diff customers. Operating model: blueprint for how v will be created and delivered to
stakeholder; detailed how org condigure and re-configure (orchestrates) its capabilities to create and deliver v to the org to achieve its goals and
strategic obj; also define how org manage itself and its resources through management process, governance and culture. change to org b model
will require change to o model. IT strategy: part of org strategy, a plan for how to achieve org goals and objectives; is a plan to apply IT
inverstments to get org goals and obj; not the plan to get operational obj. IT operating model: scope & role of IT resource and capablilties; How
IT work performed, where when; how the IT investment managed; how IT governed aligned to IT strategy and turn to org strategy through IT
Governance. How IT capabilities are managed to align with org strategy through IT operating m. benefits of operating m: effectiveness (focus on
important); efficiency (best result least cost); risk management; optimised performance. IT capabilities: wht can be done by using IT resources.
Orchestrating B and IT capabilities into value streams: v stream end to end perspective of v creation form stakeholders' pov; value-adding b
and IT capabilities is confg to create v; v stream may be defined at any level of org, get requirements from various stakeholders; v stream stand for
most granular value of org, how IT is embedded with org capbilities to create v. represent IT value as org value: 1. IT operational metrics do not
represent org value, IT operational metrics can measure performance of IT capabilities and dominate wth IT strategy is not integrated with o
strategy. (IT infrastructure, solutions&services, ITSM and service desk) 2. represent IT value in terms of org measure (impact on revenue, costomer
v, stakeholder v, operational efficiency, risk mitigation) will be visible when IT s intergrate wit o s. IT Lifecycle project: A set of tasks, completed,
defined timeline to get a set of goals. by a group of peo known as the p team, which is led by a pm who oversees the planning, scheduling,
tracking, and successful completion of p. can be in-house or outsourced. characteristics: shared resources only available on a part-time basis;
Cross-functional teamwork may be required; Uncertainty, potential change; go through the same project lifecycle; Changes to the way the business
operates; Specific deadlines, time, and resource constraints. Iterative lifecycle steps: planning & requirement; analysis & desing;
Implementation; Testing; 5. evaluation and review (DevOps, Agile, IT Service Management framework). Pros: efficiency/collaboration/adaptability;
cost effective; work in parallel; reduced project-level risk; reliable user feedback. Cons: increased risk of scope creep; inflexible planning &
requirement; vague timeline. IT lifecycle: series of stages which an IT capabilities goes through from its inception to its retirement from use.
( linear to continuous IT lifecycle, enterprise arch and role in continuous IT lifecycle, ITSM framework, agile, devops). linear: linear/sequential
stages that managed the development of the app as a project. Waterfall: earlier foundation of the ProjectManagementBodyOfKknowledge and
SoftwareDevelopmentLifeCycle -- in bank IT development. require extensive docs, long lead time, return at very end, hard to change, use involve
only at begin, least maintenance, high risk, which are designed to protect banks against rework/ but increase the time to fix problem. shift to
continuous (iterative) lc: increased tech capacity and speed, and new capacity; increased sophistication and automation of Enterprise
Architecture for knowledge information relationship..for dev; ITSM process align all aspects of dev, operation and use of IT with business. -
strategey to continuous improvment; Agile: iter, small scale, incremental, collaborative, cross-func team; DevOps: integreate develop&test,
continuous release, cross func team; v stream approach: using cross-functional team; focus on aligning IT strategy with b strategy, IT governance,
and compliance; focus on representing IT value in terms of b value. elements of a continuous ITLC: plan aligned with business strategy (align b
strategy); establish requirement, design, building, testing; deploy to live env (integrate) and measure performance; monitor value to org, refine and
improve; Enterprise arch: address complexity and change on a large scale. TOGAF: b arch: define b strategy, governance, org, key business
processes. data arch: structure of an org's logical and physical data assets and data management resources. app arch: blueprint for the individual
systems, intercation bewteen sys, relationship to core b processes of org for integration, Tech arch: hard / software, network to support dev.
repersentations: structure of components (b & IT capabilities); inter-dependence of their relationships; principles and guidelines governing their
design & evolution always align with org strategy. benefit: improve decision making, improve adaptability to change demands or market
conditions; elimination of inefficient and redundant process; optimize of the use of orga resources and capabilities; support org changes for
redesign and reorganization; facilitate collaboration across the org; faciliatte the use of framework, methods and approach as a single source of
info. ITSM: strategic approach to IT management that deliver v to customer/user continuously with increased efficiency and effectiveness. Core
concept: orgs' IT-based outcomes should be deliver continuously; through a set of policy, process, tool and skill for both devleopment & operation;
create v aligned with org goals and strategy; rather than be the result of a devleopment project handed over to a separate domain of operations to
be run. Agile: seeks the continuous delivery of small pieces of working software in rapid iterations to improve flexbility, adaptability and customer
satisfaction; consist of small, cross-func teams regularly meeting, based on 4 values, 12 principles. 4 charact: Individuals and interactions over
processes and tools; Working software over comprehensive documentation; Customer collaboration over contract negotiation; Responding to
change over following a plan. DevOps: combines business planning, software development and operations into a single cycle of processes which
overlap; deliver value from investment in IT capabilities based on agile principles; create business value by: increasing software reliability and
flexibility; enabling a faster time to market to quickly seize market opportunities; enhancing customer exp from faster fb cycles; facilitating
innovation. automated tools and environments for xxx. pros: speed, rapid delivery, reliability, improved collaboration. security by break larget p
into smaller deliverables. Team: group of peo work together to get a goal. achieve effective teamwork: look at the group climate & the process
in which they will complete their tasks. practices: priority and reward teamwork; Clarify roles, responsibilities, and accountabilities; Set clear goals;
Communicate; Make decisions together; trust; Examine & improve; Celebrate differences. 3 attribute a success gp : satisfy internal & external
clients; develop capabilities to perform in future; members find meaning & satisfaction. 5 factors increase chances: a real team; compelling
direction; enabling structure; supportive context; expert coaching. Effective characteristics: Good communication; Individual talent; Team sense
of belonging; Strong leadership; Clear structure; Feedback; Positive attitude; Solution-focused teams. strategies improving gp dynamic: setting
up the group (positive org sys such as draw up team constitution & open discussion); dealing with diff (diff background); deal negative behavior.
Talent Sourcing Process: Create a plan & strategy; excute plan & strategy; Vet talent pool; Move qualified candidates through the talent pipeline.
talent Manage Proces Model: plan: understand b strategy, measurement / evaluation, workforce plan; attract: marketing, employee value
proposition, talent acquisition, freelance / consultant; develop: on-boarding, performance manage, learn & develop, career pathway; retain: culture,
remuneration strategy; transition: success plan, internel mobility, retirement, knowlege manage. key challenges talent source: Attract
candidates with the right skills; Find the ideal candi profile; Build a strong employer brand; Sourc candi proactively; Ensure fair & equitable sourcing
processes. Manag IT Talent: Detailed Job descriptions; Person org fit; Collaborate-coach-evolve; Reward and recognising right; chance for continous
improve. (original) Change manage OCM: proj: process tools lead people side, org: leadership, strategy to increase c capacity, why employee
resistance and the ineffective management. Diff C manage & pro manage: pm focous on technical side (design dev deliver solution effectively),
cm focus on peo side (embrace adopt utilise solution). key roles in cm: Executives & senior leaders: role of sponsors of change, middle and
supervisors: role coach for direct reports. Enabling: cm resource or team: apply approch & enable others; proj team: integrate peo side; support
funcs: provide expertise. why cm 3 perspective: connect cm to b result; mitigate negative result; tunr cm to financial performance. OCM model:
McKinsey7S (business impact): Structure, Systems, Styles, Staff, Skills, Strategy, Shared value; ADKAR 5 building block (link b & peo): Awareness
(need to c/nature of c), Desire (support c/participate and engage), Knowledge (how to c / how to implement new skills and behavior), Ability
(implement the c/demonstrate performance), Reinforcement (sustain c/build a culture and competence around c); Kotter / Kubler Ross (employee
response); Lewin (sequencing). Theories and perspectives (Psychology): c agents must be conscious of both a senders’ mentality and the
receivers’ orientation; Employee resistance is the norm, not the exception. Expect some to never support the c; Visible and active sponsorship is
not only desirable but necessary for success; v systems impact on how employees react to c; The size of the c determines how much and what kind
of c management is needed; The “right” answer is not enough to successfully implement c; Employees go through the c process in stages and go
through these stages as individuals. John Kotter 8 Step C Model: increase urgency; build guid team, get right vision; communicate for buy-in;
empower action; create short-term win; dont let up; make it stick; 3 create a climate for c; 3 engage the org; 2 implement & sustain c. Info: data
collection can be process, organ, structed, to convey knowledge, ideas, instructions. find: materials have ideas and info. print / non-pri. Data: fact,
phenomena; Info: organized; knowledge: pattern; widom: apply knowled of patteen to predict. Info Reliability: measurements or observations,
same conditions will yield consistent results. Info validity: accruacy, correct relect facts. levels: primary source; secondary sources; expert
opinion; uninformed opinion; evaluate: authority of source; suitability of material; sufficiency of material. Relevance / Expertise Of Author/ pov of
Author/ Intended Audience/ Evidence / When Published. proj estimation steps: determine size; effort; resources; duration; cost. 6 approaches
to estimate: function point analysis (classify components as simple avg complex, assign function points, yield unadjusted func p; copute technical
complexity factor, FP = UFP * TCF); algorithmic cost model (compute cost, duration, SLIM, PriceS, COCOMO, unbiased but underlying assumption),
empirical model: func mimics trend in obervation, can be used to predict, but not explain ; component matrix; expert judgement (pros: relatively
cheap; little time & effort, applied early in cycle; rather subjective, cons: depend on exp and judgement, suitable expert, meet similar situation,
assume they get reliable data); sum of the parts (sure WBS, suitable detail important, hard part: WB, duration, dependen); estimation by analogy
(pros: systematic fast, applied early, nece data; cons: need large data). Quality Assurance: process-centered approach, process ensure that
quality is achieved, focus on enhance & improve process than result. QControl: p to identify whether the q is achieved, verify. q criteria: requires &
expectations stakeholder have for the deliverablesand p; based on various factors customer needs, industry standards, regulatory compliance, best
practices or internal policies. q standard: benchmarks or guidelines that use to measureand evaluate the q of deliverables and processes; q =
reach stated objectives or desired costs, or both. q metrics: track and report the q of project deliver & process; Based on various dimension such
as functionality and reliability.. Diff QA QC: QA not involve excuting, QC does; QA plan QC excute; QC make sure result and verify. QA avoid q
problems before get into final results. ISO9000 (QA standard) set of standards that a company implement to show to customers are committed
to delivering q products and services to customer. based on 7 principles: customer focus; leadership; engagement of peo; process approach;
improvement; evidence-based decision making; relationship management. Certification: customers require; marketing tools; reap improvements
as a result of meeting the standards; organ needs to determine if ISO is for them. pros for q system: q is customer demands; ensure meet org
goals effectively and efficiently; ensure consistency in day2day operations; ensure p repeatable & predictable; create & retain satisfied customers;
improve efficiency, reduce operating costs and minimize unproductive time. q audit: review & provide feedback, assurance & suggestions; collect
and evaluate evidence to determine whether a computer system safeguards assets, maintains data integrity, achieves organisational goals.
Efficiency: get more with same effort; effectiveness: effort achieve desired outcome. Deming Cycle (Plan-Do-Check-Act) pros: facilitates
continuous improvement; flexibility; simple yet powerful. Capability Maturity Model: m level: 1. Initial: p are not reliable or repeatable, outcomes
vary in q; 2. Managed: requirements are managed, planned, performed..., commitment established and revised, reviewed and control; 3. defined: p
well characterized and understood, managed proactively; 4. quantitatively managed: use as criteria; 5.optimised: focus on improving through
incremental and innovative tech improvement, revise and reflect. Scope of audit: physical&env review; system administration re; app software re;
network sec re; business continuity re; data integrity re. key areas of audit: Availability: system be available for the business at all times, protect
against losses and disasters; Confidentiality: info be disclosed only to those who need it; Integrity: will info always accurate, reliable and timely,
how to against unauthorized modifications. Audit is to corporte governance, regulatory requirements, asset owner request, operations review. risk
based approach: conduct an inventory of the info system and categorise them; Identify which sys impact critical functions; assess risks assign a
severity rating to them; rank system and decide audit priority, resources and schedule. benefits: align with strategic obj; improve efficiency and
effectiveness; enhance stakeholder satisfaction; support continuous improvement; facilitate risk manage. audit process: planning: define obj &
methodology; filedwork: get evidence to gain obj (interview, doc..); report: tell audit results (draft report, get corrective plan, final report); follow-
up: review plan and result (interview staff, review new process & doc). Testing Phase: requirement: requirement review; planning: schedules,
resource; design: case, scenario; development: unit t; Integration: intergation t; system: sys t; acceptance: user acc t; release: deployment testing;
maintenance: regression testing. Component (unit) t: white box; integration t: interface; sys t: meet req, business p, workflow. performance
t: under max load; soak t & stress t: sys stable over extended period, load increased until fails, check effects of over-load. acceptance t:
compare sys functionality against agreedon user require, client use scenarios. Load t: modeling the expected usage by simulating multiple users
access concurrently. Import for multi-user systems, often using client/server model. Soak t: significant load extended over period of time, behaves
under sustained use. Stress t: unreasonable load, deny resources needed (RAM, disc, mips, interrupts...). Top-down: start from higher-level,
require stubs or drivers for low-level components; pros: early validation of sys functionality, support high level design; cons: dependencies on
imcomplete lower-level comps, delayed system t. Bottom-up: start lower-level modules; may require lower-level comps; pros: early detection of
critical comps issues, support parallels devs; cons: may require extensive use of stubs and drivers; complex coordination. Functional: foucus on
features actions,behavior, for sys functinality. Non functional: performance,security,usability,scalability...response time,encryption, user
interface,concurrency. Security Management Framwork: ITIL s m; Cobirt; NIST Cyber s framework: 5 functions: identity (b env, risk assess),
protect (assess control, data secure), detect (anomalies & envent, monitor), respond (analyse, mitigate), recover. challenge of s m: user attitude;
up to date threats; configuration management; lack of understand by senior manage. 5 category threat: unintentional acts (human error, ignore);
natural disasters;. technical failures; management failures; deliberate acts. protect data from: privacy, accuracy, property, accessibility. factors
make sec hard: more complex/distributed system; cleverer criminals; crimes not detect for long period; management unaware; benefits hard to
quantify. biggest threat: user (leave door open, not care passwd..). plan for b continuity: backup, disaster recovery, sys audit. Malware kind:
Denial of service (emails & spam); Clandestine acquisition: trojans; Zero-day attack: specific actions; Phishing; DoS; spyware; viruses; worms.
Sercurity manage CyberSec: cs sys, network, data from digital attck, unauthorized access. Info sec: info includes physical, electronic, analog.
General Data Protection Regulation GDPR: key aspects: 1.scope and applicability (apply to all org); 2. consent and lawful bassi for processing
(consent to p customer’s data); 3. enhanced rights of peo (can object the p of their data); 4. data protection by design and default (use data p
measure for any d p activity; only necessary is process); 5. Data breach notification (notify customers if exceed rights); 6. data protection officer; 7.
international data transfers; 8. accountability and penalties. individual right: informed consent; access to info (org must explian usage..);
Anonymity or Pseudonymization (prevent trace back to peo); Rectification (collect right data); Objectionor Restrictionof Data Processing (leagl
reason); Data Portability (request compliance if transfer); Erasure or Right to be Forgotten; Breach Notification. CyberSec Standards: ISMS
comprehensive sec controls; NISTC cyber s Framework: manage and reduce cyber s risks across critical infrastructure; PCI DSS: secure payment
card data; HIPAA: c s in healthcare info. Cyber Threat Types: Malware: malicious; Ransomware encrypts data and demands a ransom for release;
Phishing; Distributed Denial of Service (DDoS) attacks disrupt services. Technical control, Physical c hardware, facilities, Administrative c training
employee, policy. Psw Attc: Brute Force: try all; Dictionary: prebuilt; Rainbow: precompute hash table; Social engineer: psychological maniuplate.
STRIDE: spoofing, tampering, repudiation, info disclosure, denial of service, elevation of privilege. Business Continuity: focus b operation, long
term sustaianability, crsis manage + plan, including Disaster Recovery: focus IT sys & data, min IT downtime, short term, data recover + buckup.
Cloud Type: public; private: in org device or third party; community: orgs shared resource; Hybrid. IaaS full use Hptervisor, infrasturecture service,
more customer responsibility (huge); Paas: lack of OS, VM, use App server as Hypervisor than Iaas, container ser (dev); Saas: lack Application
layer than Paas, managed ser, least customer res (small, diff locate). CIA traid: Confidentiality(authorization), Integrity(avoid manipulation),
Availability(access by user). Communication help make writing clear: structure & cohesion. professional w characteristics : clarity (clear
structure & logical, simple & complete explain); precision (no confusion); objectivity (supported evidence); brevity(effective & efficient). Paragraph
Components: relate to same idea in topic sentence; Flesch Reading Ease; check spell, grammar, readability; dont use ‘vague’, exaggerate, arent
exact words; no biased. 3Cs: clarity, coherence, consistency (format). presentation anatomy : message; structure; timing; physical factors;
personal factors(know audience, yourself); visuals (PPT). Ethics. Etiquette, law, moral, personal (honesty, loyalty, integrity, respect, selflessness,
responsibility) & professional ethics. Teleological e: base on goal; Consequentialism: based on outcome. Egoism: base on individual situdation;
Utilitarianism: for all peo. Deontological: based on duty. ACS: Code of Professional Conduct: Primacy of the Public Interest; improve Quality of
Life; Honesty; Competence; Professional Development; Professionalism. Decision making Business Intelligence: data - extract transform load -
OLAP enables the b to make intelli, fact-based decision. Aggregate data -> present d-> enrich d-> decision. Important: With BI, you can get data in
a timely manner. unstructured data: raw data, upload, categorize, tune, analyze. BI sys 4 key comps: data warehosue keep internal and
external d; analytic tools to manipulate, mine and analyze; indicators to monitor and analyze performance; user interface. Benefits: single, reliable
presentation of info; alignment of an org of KPI and metrics; integrated access to multiple d sources; faster collection and dissemination of info;
graphical presentation of KPIs and metrics; quicker, better, fact-based decision making . Extract Transform Load tool: extract d everywhere,
transform d to fit needs, load data into target database / warehouse. data warehouse: physical repository wherer relational data are specially
organized to provide enterprise, wide, cleansed data in standard format. Benefits: one view of the corporate data; user to perform analysis; a
consolidated view of d; better quality d; more timely info; enhance sys performance; simplified data access. Online Analytical Processing: tools
for decision making; approach to answer multi-dimensional analytical queries; Part of the broader field of BI; include reporting and d mining.
decision making: indentify problem; gather info; consider outcome; make d; evaluate d.