Organization: Group of people with shared goals; University.
Key Phases in a Traditional Linear IT Lifecycle: 1. Initiation: Identifying needs, defining objectives, securing funding. 2. Planning: Defining scope, timelines, resource needs. 3. Development: Building the system or product. 4. Testing: Ensuring the product meets specifications. 5. Deployment: Delivering the product to users. 6. Operations/Maintenance: Ongoing support, updates, improvements. 7. Retirement: Decommissioning outdated systems.
Modern IT Lifecycle Approaches: 1. Agile: Iterative development; Quick adaptability and collaboration. 2. DevOps: Dev+Ops integration; Automation, fast deployment. 3. ITSM (ITIL): Service Management; Standardized processes, reliability. 4. Enterprise Architecture (EA): Strategic alignment; Long-term evolution and efficiency.
Success factors (the opposite causes failure): Clear requirements, strong leadership, stakeholder engagement, skilled team, effective PM, good communication, realistic timelines.
=> Project Manager, Business Analyst, Developer, Tester (QA), UX/UI Designer, Security Specialist
Group Dynamics and Conflicts: Tuckman’s Model: Forming->Storming->Norming->Performing->Adjourning
Agile Team: Cross-functional; Iterative planning; Daily Stand-ups; Collective Ownership. Traditional Team: Role-specific; Big upfront planning; Weekly status updates; Manager-driven
Good Decision-making depends on: Access to accurate information; Evaluating information quality; Filtering irrelevant or biased content
[Type -> Example]: Primary -> Interviews with users or stakeholders. Secondary -> Reading academic articles or vendor documentation. Applied -> Benchmarking tech tools, testing software. Exploratory -> Studying unknown problems.
[Technique -> Description -> Use Case]: Expert Judgement -> Based on team or SME experience -> Fast but subjective. Analogy Estimating -> Compare with past projects -> Works if similar projects exist. Bottom-Up -> Estimate each task, then add up -> Detailed but time-consuming. Top-Down -> High-level estimate of full project -> Quick, used in early stages. Three-Point Estimation -> (Optimistic + Most Likely + Pessimistic)/3 -> Balances risk and reality. Function Point Analysis -> Measures software by number of “features” -> Used in software development. Story Points (Agile) -> Assign relative size to tasks -> Agile teams using Scrum/Kanban.
[Risk -> Impact]: Over-optimism -> Under-budgeting, missed deadlines. Lack of data -> Unreliable estimates. Ignoring Complexity -> Project overruns. Ignoring risk -> Leads to failure in uncertain areas.
[Aspect -> QA(Process-focused) -> QC(Product-focused)]: Goal -> Prevent defects -> Detect and fix defects. Methods -> Standards, audits, process improvement -> Testing, inspections. When -> During development -> After development. Example -> Code review process -> Finding bugs in testing.
[Attribute -> Description]: Functionality -> Does it meet user requirements? Reliability -> Does it work under expected conditions? Usability -> Is it easy to use? Efficiency -> Is performance acceptable (speed, load)? Maintainability -> Can it be updated easily? Portability -> Can it run across environments?
[Technique -> Description]: Code Reviews -> Peer checking of code for standards, bugs. Static Analysis -> Automated tools to analyse code without running. Pair Programming -> Two developers work together to reduce defects. Test-Driven Development (TDD) -> Write tests before code. Process Audits -> Ensure procedures are followed properly.
[Tool -> Purpose]: Unit Testing -> Check functions/components individually. Integration Testing -> Check modules working together. System Testing -> Validate end-to-end functionality. User Acceptance Testing (UAT) -> User confirms system works as expected. Regression Testing -> Ensure new changes don’t break old functionality.
[Type -> Focus]: Black-box -> Test input/output without knowing code. White-box -> Test internal logic and structure. Smoke Testing -> Initial sanity test (does it launch?). Stress Testing -> Test limits and capacity. Exploratory Testing -> Creative, unscripted testing.
[QA Standards and Models]: ISO/IEC 25010 – Quality model for software. IEEE 829 – Test documentation standard. CMMI – Maturity model for process improvement. Six Sigma – Reduce defects using data-driven methods.
[Aspect>Testing>Debugging]: Purpose>[Link]>[Link] s. Role>QA/tester>Developer. Output>Bug report>Code fix.
[Type>Description]: Functional Testing>Verifies the software functions as expected. Non-functional Testing>Focuses on performance, usability, scalability. Regression Testing>Ensures old features still work after changes. Exploratory Testing>Informal, simultaneous test design and execution. Smoke Testing>Basic tests to check major functionality.
[Level>What It Tests]: Unit Testing>Individual components (functions, methods). Integration Testing>How components work together. System Testing>Whole system against requirements. User Acceptance Testing (UAT)>End-user validation.
[Type>Knowledge Required>Example]: Black Box>No internal code knowledge>UI testing. White Box>Full access to source code>Logic path testing. Grey Box>Partial knowledge>Database validation + GUI.
[Technique>How It Works]: Boundary Value Analysis>Test edge cases (e.g., min, max). Equivalence Partitioning>Test representative inputs from groups. Decision Table Testing>Use rules and combinations. State Transition Testing>Validates state changes (e.g., login → logout). Error Guessing>Based on tester experience.
[Tool>Use]: JUnit>Unit testing in Java. Selenium>Web automation. Postman>API testing. JIRA>Bug tracking and test management. Jest>JavaScript testing framework.
[Aspect>Manual>Automation]: Effort>Human-executed>Tool-driven. Best for>Exploratory, UI tests>Repetitive, regression. Tools>None>Selenium, Cypress, JUnit
[Principle: CIA]: Confidentiality, Integrity, Availability.
[Threat]: Malware, Phishing, DDoS Attacks, Unauthorized Access, Social Engineering.
[Legal frameworks in Australia include]: Privacy Act 1988, NDB Scheme (Notifiable Data Breaches)
[Framework>Purpose]: ITIL>Service management including security controls. COBIT>Governance and risk compliance. NIST Cybersecurity Framework>ID–Protect–Detect–Respond–Recover.
[GDPR: The General Data Protection Regulation]: Why GDPR Matters - Applies to any organisation that manages EU citizens’ data; Australian companies are affected if they offer services to or monitor EU residents. Key Principles: Lawful, fair, and transparent processing; Purpose limitation and data minimisation; Accuracy, integrity, and confidentiality.
[Right>Description]: Access>Know what data is stored. Rectification>Correct inaccurate data. Erasure>"Right to be forgotten". Restrict processing>Limit use of data. Data portability>Move data to other providers. Object>Withdraw consent to data usage.
[GDPR Enforcement & Impact]: Heavy penalties for non-compliance: up to €20 million or 4% of global turnover; Encourages "Data Protection by Design and Default"; Promotes accountability and proactive security.
[Framework>Purpose]: ISO/IEC 27001>Defines an Information Security Management System (ISMS). NIST Cybersecurity Framework>Identify, Protect, Detect, Respond, Recover. PCI DSS>For secure payment card processing. HIPAA>Protects healthcare data in the U.S.
Technical>Firewalls, encryption, access control. Administrative>Policies, training, background checks. Physical>Locks, security guards, CCTV.
[Best Practices in Cybersecurity]: Use strong, unique passwords; Apply multi-factor authentication (MFA); Enable HTTPS, encrypt sensitive data; Patch/update software regularly; Train employees in cybersecurity awareness; Monitor logs and alerts; Develop an incident response plan.
[Concept>Meaning]: Zero Trust>"Never trust, always verify"; EDR>Endpoint Detection and Response; SIEM>Security Information and Event Management; Vulnerability Scanning>Automated risk assessment; SOC>Security Operations Centre.
[Type>Explanation]: Brute-force>Try all combinations; Dictionary attack>Try common passwords; Rainbow table>Use hash lookup tables; Social engineering>Trick users into revealing passwords.
[Good Writing Skills in IT]: You’ll be expected to write - Software requirements specs, Project proposals, Funding requests, Incident reports, technical documentation, Emails to stakeholders. Good writing is: Clear, Concise, Accurate, Well-structured.
[Characteristics of Professional Writing]: [Trait>What It Means] - Clarity>Easy to understand, no ambiguity; Precision>Uses exact terms and definitions; Objectivity>Based on evidence, not opinions; Brevity>Efficient and to the point.
[Focus Area>Key Tip]: Writing>Use clear, structured paragraphs with evidence; Oral Communication>Engage audience with voice and visuals; PowerPoint>Simple, readable, focused slides; Common Errors>Avoid vagueness, jargon, and poor formatting.
Types of ethics: [Type>Description>Example] - Personal ethics>Your own sense of right/wrong>Helping someone in need; Professional ethics>Standards for workplace behaviour>Respecting user privacy in software; Common morality>Societal norms>Don’t lie, don’t harm.
[Ethical Dilemmas in IT]: Ethics in IT often means: Can I do it? vs. Should I do it? Real-world unethical IT behaviours: Copying software (piracy), Disclosing private user data, Misusing admin privileges, Writing flawed or insecure code intentionally, Failing to report security flaws.
[Major Ethical Frameworks]: [Framework>Principle>Example] - Deontological (Kant)>Follow duty/rules>Don't lie, even if truth hurts. Utilitarianism>Greatest good for most>Sacrifice one to save many. Egoism>Act in own best interest>Invest in secure software to avoid lawsuits. Contractarianism>Honor social contracts>Respect company privacy policies
[Codes of Conduct]: ACS Code of Professional Conduct (Australia) - Public interest first, Enhance quality of life, Honesty & trust, Competence. ACM/IEEE Code (Global) - Avoid harm, Be fair, honest, Respect privacy, Ensure robust, secure systems, Work within your area of competence. Sanctions for Breach (ACS) - Warning (Admonition), Reprimand, Fine, Suspension, Expulsion, Mandatory PD (Professional Development)
[PPIT Cheat Sheet Summary]:
[Link]: Definition: Right vs. Right. Moral standards, not just laws or etiquette. Key Questions: How to decide right? Workplace vs. Personal? Judge others? "Wrong" for one, "right" for another? Ethical Principle Guidance: Public Interest First, Honesty/Trust, Avoid Harm, Respect Contracts. Ethical Frameworks: Teleological: Judge by result (e.g., Utilitarianism – greatest good for greatest number). Deontological: Judge by duty/rules (e.g., Kant – universalizability). Egoism: Benefit self. Contractarianism: Morality by agreement. Golden Rule: Do unto others as you would have them do unto you.
[Link] Frameworks: ACS Code of Professional Conduct: Public Interest, Quality of Life, Honesty, Competence, Professional Development, Professionalism. ACM / IEEE-CS Code of Ethics: Contribute to society, Avoid harm, Be honest/trustworthy, Be fair/non-discriminatory, Respect IP, Respect privacy, Honor confidentiality, Work within competence, Secure systems, Public good, Infrastructure care.
[Link] Ethics: Corporate Social Responsibility: Organization's impact on society/environment. Fourth Bottom Line: Profit, People, Planet, Progress/Purpose/Principles.
[Link] Studies / Scenarios: Common Themes: Data mining (consent), Privacy (data sale, unauthorized access), Conflicts of Interest, Intellectual Property (piracy, code duplication), Unreliability (Therac-25), Intentional Wrongdoing (VW emissions, StuxNet). Key Lesson: Ethical dilemmas are complex and often involve trade-offs between competing values.
[Link]: Writing: Clarity, Structure, Logic, Precision, Objectivity, Brevity. Topic sentence, body, conclusion. Oral: Clear message, structured talk, timing, visuals, audience focus.
[Link]: Definition: Processed, organized data conveying knowledge. Usefulness: From technical to strategic. Plagiarism: Using others' work without attribution.
[Link] Work: Success: Equal contributions, full discussion, mutual support, quality results. Problems: Logistics, task allocation, coordination, commitment. Improvement: Team constitution, clear systems.
[Link] Change Management (OCM): Definition: Structured approach to manage people-side of change for successful adoption. Focus: Employee engagement, alignment with goals, sustainable change. States: [Link]: Existing systems/processes (e.g., legacy software). [Link]: Change implementation (e.g., training for new IT system). [Link]: Desired state with adopted changes (e.g., efficient cloud system).
[Kotter’s 8 Steps for Change]: [Link]: Highlight need (e.g., outdated system risks). [Link]: Form influential team (e.g., IT/business leaders). [Link]: Define clear goal (e.g., 20% better customer satisfaction). 4. Communicate: Engage employees (e.g., workshops). [Link] Barriers: Eliminate obstacles (e.g., training). [Link]-Term Wins: Achieve early successes (e.g., beta test success). [Link]: Build on gains (e.g., expand system use). [Link]: Embed change in culture (e.g., new system as standard).
[Link] Success and Failure: Standish Group Chaos Report: Many projects fail due to exceeding cost/effort (common reasons: lack of user involvement, executive support, clear requirements).
[Link] Lifecycles and Processes: Project: Accomplishment, shared resources, cross-functional, uncertain, deadlines. Enterprise Architecture (EA): Align IT with business, standardize planning. ITSM/ITIL: Best practices for IT service management (Strategy, Design, Transition, Operation, CSI). Agile: Flexibility, collaboration, iterative, continuous feedback. DevOps: CI/CD, automation, faster delivery. Value Stream: Optimize end-to-end processes for customer value.
[Link]: GDPR (General Data Protection Regulation): Data breach notification (72 hrs), DPO, International transfers, Accountability/Penalties (up to 4% turnover), Individual Rights (Consent, Access, Erasure, Portability). Standards: ISO 27001, NIST, PCI DSS, HIPAA. Threats: Malware (viruses, ransomware, phishing), DDoS. Best Practices: Strong passwords, MFA, Updates, Phishing awareness, HTTPS, Encryption, Backups, Least Privilege, Training, Incident Response. Biggest Threat: Users (carelessness). Business Continuity: DRP (Disaster Recovery Plan) and BCP (Business Continuity Plan) essential.
[Link] Audits and Process Improvement: Auditing: Evaluate system for asset safeguard, data integrity, goal achievement, efficiency. Process Improvement: Processes are building blocks (Deming, CMMI).