To help with your exam preparation, have a look at the example question
types below and see if you would be able to answer them.
Quicksort is much more efficient than selection sort. It sorts the data
into two halves, one with values above a pivot value and one with values
below the pivot value. Then it repeats this process on each half.
Selection sort looks through the unsorted values repeatedly finding the
value that is lowest in the sort order each time and moving it to the
front of the unsorted values. This is a much less efficient process than
Quicksort.
Binary search is much more efficient than linear search but the data
must already be sorted for it to work. Binary search divides the data in
half each time discarding the half that does not contain the search
term. Linear search uses a brute force approach by looking through every
item in a list.
XML makes it easier to move data between systems as it conforms to a
standard.
XML can be read by both human and computer (more human readable than
CSV).
XML can store more complex structured (hierarchical) data.
If an XML file structure is changed it will usually continue to work
with existing software, but if you change the structure of CSV (for
example by inserting a new column) the code may need to be changed for
a program to continue working.
Managing XML requires more complex code than CSV.
An array is a simple list of values all of the same data type. The
list is ordered and each item is identified by a numerical index.
An associative array or dictionary is a list of key:value pairs. The
values can be different data types. The list is not ordered as each
value is accessed using its key.
A record contains a series of values stored in fields. The fields
can be named and the values can take different datatypes. A record is
usually part of a series stored in a recordset or database table.
A class is a template used to organise data and related program
code. A class can contain properties (values), methods (functions it
can perform) and events (things it can respond to). To use a class we
create objects based on the class template.
Surveys can be given to many people and are cheaper when collecting
data from a large number of people. They collect quantitative data
that is quick and easy to process and analyse. They are not suitable
for collecting detailed responses and qualitative data.
Interviews can take a lot of time especially if many people need to
be interviewed. This makes them expensive. They are good for
collecting detailed qualitative data as they allow for follow-up
questions to get clarifying information about responses. They are
useful to elicit feelings, attitudes and opinions.
Observations involve watching a system in operation and can be good
when there is an existing system that needs to be improved or when a
new system will automate work that is currently done manually. They
can be good for gathering unbiased information since individuals
aren't asked questions, but they can be expensive and it can be hard
to get a complete view if the observation is taken on a quiet day for
example or if the observer only gets to see part of a long process.
Reports can be a fast and cheap way to gather a large amount
of data if there is already recorded data available for
review. They can be unreliable if the collected data is biased or
inaccurate or not representative of the current system.
Functional requirements relate to the input required, output developed
and functions of the solution.
Non-functional requirements relate to characteristics of the system
such as usability, reliability, portability, robustness and
maintainability.
A mock up is a drawing showing features of the design and can be
annotated with a lot of detail.
A data dictionary is a list of all of the types of data used in the
solution and can be used to plan the variables in a piece of software.
Object descriptions can describe the different properties,
methods and events in a class of object.
Pseudocode is a language used to plan and develop algorithms
at the design stage.
Use Case Diagrams are used at the Analysis stage to…
* Describe the interfaces between users and the information system
(which includes the software)
* Assist in determining solution requirements
Data Flow Diagrams show how data in a system is sourced, processed,
stored and used. Like UCDs they can be useful in determining solution
requirements.
A context diagram is a simple version of a Data Flow Diagram that
represents the system as a single process and shows the external
entities that provide data to the system and use data from the system.
A Software Requirements Specification is a document that summarises the
findings of the Analysis stage including the functional and
non-functional requirements, the constraints and the scope.
Example Responses:
The first design idea is not necessarily the best one
A different design may be better suited in meeting the client's
demands
Designs can be a personal choice; providing a range allows the
client to choose what would suit them the best.
Waterfall:
* Simple to understand and use
* Includes analysis, design, development and evaluation phases (can be
described with a maintenance phase at the end)
* Each phase must be completed fully before the next phase begins
* Good for projects with small scope, clear requirements, many
dependencies
* Unlikely to produce cost blowouts
* End of project is well defined
* Lacks flexibility, limited opportunities to rectify inadequacies in
completed phases.
Agile:
* Results in incremental releases building functionality over previous
ones
* Good for time critical applications and projects where client needs
are unclear or changing
* Provides freedom to make changes to the solution requirements and
design in each cycle
* Enables clients to be closely involved with developers
* Timelines may expand as requirements are added in successive cycles
Spiral:
* Better for risk analysis and where the best method to address the
risk is not clear, quicker response to risks
* Includes cycles (spirals) with 4 phases: planning, risk analysis,
engineering, evaluation
* Each spiral produces a partially complete prototype that can be
evaluated to see if the risk is acceptably managed
* Cycles are repeated until a solution that manages the risk
acceptably is produced
* Prototypes developed quickly, testing begins early
* Can be more expensive and require more documentation and analysis
between stages.
Evaluation criteria are created at the design stage so that we know how
the success of the solution will be judged and can create designs that
achieve this. The evaluation criteria are then needed to choose between
different designs and determine which one should be developed.
Functional testing ensures that a solution is logically correct and
behaves as expected (according to functional requirements), whereas
usability testing focuses on user experience and any issues that arise
within the client’s use of the solution, i.e. can they use it easily?
The effectiveness of a project plan can be determined by assessing the
project plan against the project’s scope and timeline (as opposed to the
effectiveness of a project, which can be determined by assessing the
project against the evaluation criteria developed in the design stage).
Testing involves checking if a solution is working as it was designed
to (giving correct output, working fast enough, responding to user
inputs properly). Evaluation determines how well the solution meets the
requirements of the client as identified during the analysis stage.
Key Knowledge:
Consider the functional and non-functional requirements of
the solution.
Look at design principles to formulate a criterion that
links to one of the principles.
Use the measures of efficiency/effectiveness to
formulate a question or statement.
Example Responses:
Design evaluation criteria can be developed based on the functional
and non-functional criteria, such as using the design principles for
non-functional aspects. These help determine a preferred design by giving a
somewhat objective method of selecting a design, reducing indecision or
subjective evaluation.
Key Knowledge:
An evaluation strategy must indicate when the evaluation should occur
(eg 3-6 months after implementation) and how they would go about the
evaluation (interview, survey or direct observations).
Example Responses:
3-6 months after the implementation of the solution, they should conduct
interviews with the users. This data could be used to determine to what
extent the solution meets both the functional and non-functional
requirements.
Internal documentation is the notes and comments written by a
programmer within the code itself. It includes information about the
program as a whole, as well as about each of the classes, functions,
methods, objects, algorithms, etc. within it. It is often combined with
meaningful, well-named variables to create manageable and effective
code.
Internal documentation makes the code easier for other developers to
understand and helps to reduce errors and make the code easier to
correct and maintain.
Social engineering is when a hacker manipulates people and human
nature to extract sensitive information.
SQL injection is when a hacker inserts SQL code into an unsecured
web form in order to run code to access or damage a database.
A Man-in-the-middle attack is when a network connection or
transmission is hijacked by an attacker. The transmission will often be
changed and resubmitted so that the sender and receiver are not aware.
The intercepted data may be used directly by the hacker, or the changed
transmission may be used to trick the sender or receiver into
performing an action.
Cross-site scripting occurs when an attacker is able to enter code
into a web page, often using an insecure web form. The attacker can
then direct users to the page (often using a link in an email or SMS)
at which point the code will run and may breach the security of the
user's system.
Software auditing involves an independent person checking code for
errors and performance requirements or other issues such as compliance
with the security standards or legal requirements.
Key Knowledge:
A recommended backup strategy could include:
Frequency (daily, weekly)
Media (tape, SSD, cloud)
Location (cloud, offsite)
Type (full, any type of partial)
Example Responses:
The organisation should complete a full back up once a week, with
incremental back ups daily. These back ups should be stored on an SSD
(solid state drive) and should be locked securely in the store's office.
In addition, a copy of the backup should be located off-site. The store
could use a wifi connection to store a copy of the back up in a cloud
service in addition to the SSD onsite.
Key Knowledge:
* The Privacy Act 1988 applies to Federal government agencies and
contractors and private businesses with an annual turnover over $3
million
* The Health Records Act 2001 applies to organisations in Victoria
dealing with health related information
* The Privacy and Data Protection Act 2014 applies to Victorian
government agencies and contractors.
Key Knowledge:
Types of threats include accidental, deliberate
and events-based
A strategy involves a series of steps.
General strategies that may apply in a range of situations: Access
restrictions prevent individuals from having too much access,
minimising the damage from a breach. Use strong passwords and change
them regularly, do not use the same password in multiple places. Use
multi-factor authentication. Implement lockouts on login forms for
multiple failed login attempts.
For Social Engineering: Training is essential to ensure staff can
identify a social engineering attack
For cross-site scripting: Ensure all web forms are secured so that
data is checked for malicious code especially if it is to be
redisplayed on a web page. Staff should also be trained to avoid
clicking on links in emails and messages especially from unknown
sources.
For SQL Injection: Do not take input from web forms and use it
directly in a database query. Ensure that all input is validated and
checked for malicious code before being used.
For Man-in-the-middle attacks: Avoid using unsecured wifi networks
and never send sensitive information using a network connection that
is not trusted.
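
The SQL injection and cross-site scripting strategies above, shown as an added Python example that is not part of the original study notes: each weak version sits beside its corrected form. The table, function names and sample inputs are constructed for illustration.

```python
import html
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

def lookup_unsafe(db, name):
    # Weak: the form value is pasted into the SQL text, so SQL syntax
    # inside it becomes part of the query the database runs.
    sql = "SELECT email FROM customers WHERE name = '" + name + "' ORDER BY email"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, name):
    # Validate: enforce a length limit and reject non-printable characters.
    if not (1 <= len(name) <= 50 and name.isprintable()):
        raise ValueError("invalid name")
    # Bind: the value is passed separately from the SQL text, so the
    # database only ever treats it as data to compare against.
    sql = "SELECT email FROM customers WHERE name = ? ORDER BY email"
    return [row[0] for row in db.execute(sql, (name,))]

def render_unsafe(comment):
    # Weak: stored text is written into the page as-is, so any markup in
    # it is interpreted by the browser of each user who views the page.
    return "<p>" + comment + "</p>"

def render_safe(comment):
    # Corrected: special characters are encoded on output, so the browser
    # displays the text instead of interpreting it.
    return "<p>" + html.escape(comment) + "</p>"

# Constructed form inputs, used only to compare the two versions.
CRAFTED_NAME = "x' OR '1'='1"
CRAFTED_COMMENT = "<script>alert(1)</script>"

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, CRAFTED_NAME))   # every customer's email
    print(lookup_safe(db, CRAFTED_NAME))     # no rows: input treated as a name
    print(render_unsafe(CRAFTED_COMMENT))
    print(render_safe(CRAFTED_COMMENT))
```

Validation alone cannot simply block the quote character, since a real name such as O'Brien contains one; the bound parameter is what keeps the input out of the SQL text.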
Example Response:
For an event-based threat: To protect the organisation from this
threat, the organisation could apply a data backup strategy across all
its stores, which should be assigned to take weekly full backups and daily
incremental backups and store these off-site on the cloud. This way a
power surge will not lead to permanent customer transaction data loss,
since a copy of the data is located off-site to be retrieved.
Limit the third party’s access to the data, encrypt data where
possible
Use a confidentiality agreement to reduce the risk of the third
party sharing data.
Only use third parties that are covered by Australian law.
Only use software from reputable, trustworthy sources
Version control keeps track of changes to the solution documents and
code ensuring the current version is easily identified and preventing
mix-ups where new additions are made to outdated files.
Version control also makes it possible to ‘roll back’ to any
previous point in the development if issues develop with the current
version.