Final Exam Review Sheet

*note that final exam is cumulative, but this review sheet only covers material after Midterm II

Information Security
• AIC triad
• Social engineering attacks (https://youtu.be/bjYhmX_OUQQ)
• Security controls (administrative, technical, physical)
• Security functions and frameworks (you don’t need to memorize each function of a security
control, but you should know how controls, functions, and frameworks are related)
• Information security best practices (rotation of duties)

Project Management
• Characteristics of a project
• Triple constraints
• Scope creep, scope leap, scope grope
• Project planning documents (e.g., work breakdown structure, project charter)
• SDLC (I won’t ask you about specific names of phases, but you should know what the SDLC is,
when it is appropriate/inappropriate, and the importance of requirements specification)
• Waterfall vs. agile software development methodologies

Data Management
• What is a database? DBMS?
• Entity-Relationship model (entities, relationships, attributes)
• Relationship types (one-to-one, one-to-many, many-to-many; how to model using “crow’s
foot” notation in a data model)
• Primary and secondary keys

Machine, Platform, Crowd (ch. 10-13)

• Definitions of the core vs. the crowd
• Problems arising from the non-hierarchical/messy crowd
• Ways to organize the crowd (hierarchies, markets, self-organizing structures)
• Characteristics of self-organizing structures (e.g., openness, non-credentialism, etc.)
• When and why outsiders are more effective than experts
• Cryptocurrencies and “free, perfect, instant” properties of information goods
o Outside of the general properties of information goods, I will not ask technical
questions about how bitcoin or blockchain work
• Examples of tensions in self-organizing structures (DAO, consolidation of power in bitcoin)
• The relationship between transaction cost economics and self-organizing—why might
companies be passe?
• The role of good management in the companies of the future and how to lead