LEARNING OUTCOME 4: DATABASE CONCEPTS

Organizing and preparing data for inclusion in a database:

4.1 Organize and prepare data for inclusion in the database:

Organizing and preparing data is a critical component of creating a database, as it ensures that
the data is accurate, complete, and consistent. This includes collecting data, preparing it for
input, verifying and validating the data, and classifying it according to user needs.
- Methods of data collection: There are several methods of data collection that can be used,
including:

- Manual data entry: Manual data entry involves entering data into the system manually, either
by typing it in or by copying and pasting it from another source.

- Automated data entry: Automated data entry involves using a computer program or tool to
extract data from another source, such as a website or a spreadsheet.

- Importing data: Importing data involves using a tool or program to transfer data from one
system to another.

- Prepare data for input: To prepare data for input into a database, it is important to ensure that
the data is accurate, complete, and consistent. This may involve cleaning up the data, removing
duplicates, and standardizing data formats.

- Data verification and validation: Data verification and validation involves checking that the
data is accurate, complete, and consistent. This may involve running data quality checks, such
as checking for missing values or inconsistencies in data formats.

- Classify data according to user needs: Classifying data according to user needs involves
organizing the data into categories or groups based on how it will be used. This may involve
creating tables or views in the database that are tailored to specific user needs.

By organizing and preparing data for inclusion in a database, organizations can ensure that the
data is accurate, complete, and consistent, which can help to improve the effectiveness and
efficiency of the database system.
Creating a database and modifying or retrieving data in line with requirements:

Create database and modify or retrieve data in line with requirements:

Creating a database involves using Data Definition Language (DDL) commands to define the
structure of the database, while modifying or retrieving data involves using Data Manipulation
Language (DML) commands to insert, delete, or modify data in the database. It is also important
to use Data Control Language (DCL) commands to manage user access to the database.
- DDL commands:

- Creation: DDL commands for creating a database include CREATE DATABASE, which
creates a new database, and CREATE TABLE, which creates a new table within a database.

- Alteration: DDL commands for altering a database include ALTER TABLE, which can be used
to add or remove columns from a table, and ALTER DATABASE, which can be used to modify
the properties of a database.

- DML commands:

- Insertion: DML commands for inserting data into a database include INSERT INTO, which
inserts a new row into a table, and SELECT INTO, which creates a new table based on the
results of a query.

- Deletion: DML commands for deleting data from a database include DELETE FROM, which
deletes one or more rows from a table, and TRUNCATE TABLE, which deletes all rows from a
table.

- Update/modification: DML commands for modifying data in a database include UPDATE,

which modifies one or more rows in a table, and MERGE, which allows data to be updated or
inserted into a table based on the results of a query.

- DCL commands:

- Granting privileges: DCL commands for granting privileges include GRANT SELECT, which
allows a user to select data from a table, and GRANT INSERT, which allows a user to insert
data into a table.

- Revoking privileges: DCL commands for revoking privileges include REVOKE SELECT,
which removes a user's ability to select data from a table, and REVOKE INSERT, which
removes a user's ability to insert data into a table.

By using DDL, DML, and DCL commands, organizations can create and modify databases,
insert, delete, or modify data in the database, and manage user access to the database. This helps
to ensure that the database is functioning effectively and efficiently, and that users have access to
the data they need.
To implement database operations for reading and writing data, you will need to use a database
management system (DBMS) such as MySQL, Oracle, or PostgreSQL. Here are some general
steps for implementing database operations:
1. Connect to the database: Use a database driver or library to establish a connection to your
database. This typically involves specifying the database name, hostname, username, and
password.

2. Write SQL queries: Use SQL (Structured Query Language) to write queries that retrieve
or modify data in the database. SQL is a standard language that is used to interact with most
relational databases.

3. Execute queries: Use the database driver or library to execute your SQL queries. The
driver will handle the details of sending the query to the database server and retrieving the
results.

4. Process results: Depending on the type of query you executed, you may need to process
the results returned by the database. For example, if you ran a SELECT query, you would
typically loop through the rows returned and extract the data you need.

5. Close the connection: When you are finished interacting with the database, be sure to
close the connection to avoid leaving open connections that could cause performance problems
or security risks.

Reading and writing data from a MySQL database:

Reading data:

```
import MySQL. Connector def

get_users():

conn = mysql.connector.connect(
host="localhost",

user="myusername",

password="mypassword",

database="mydatabase"

)
cursor = conn.cursor()
cursor.execute("SELECT * FROM users")
 rows = cursor.fetchall()

users = [] for row in rows:

user = {

"id": row[0],
"name": row[1],
"email": row[2]
}
users.append(user)

conn.close() return users

```

In this example, we connect to a MySQL database, execute a SELECT query to retrieve all rows
from a "users" table, and convert the results to a list of dictionaries.

Writing data:

```
import mysql.connector def

add_user(name, email):

conn =

mysql.connector.connect( host="localhost

", user="myusername",

password="mypassword",

database="mydatabase"

)
cursor = conn.cursor()
 query = "INSERT INTO users (name, email) VALUES (%s, %s)"

values = (name, email) cursor.execute(query, values)

conn.commit() conn.close()

```

In this example, we connect to a MySQL database, execute an INSERT query to add a new user
to a "users" table, and commit the changes to the database. Note that we use placeholders (%s) to
prevent SQL injection attacks and pass the actual values as a tuple to the execute method.
Maintain database function:

Explain the need for database security:

Database security is essential to ensure the confidentiality, integrity, and availability of data
stored in a database. The need for database security arises from the sensitivity and importance of
the data stored in databases, which could include confidential business information, personal
information, financial data, and more. Unauthorized access, modification, or destruction of this
data could result in significant financial losses, legal liabilities, or damage to an organization's
reputation. Therefore, it is crucial to implement adequate security controls to protect databases
from various threats.
Identify threats to database security:
There are several threats to database security that organizations need to be aware of. Some of the
most common threats include:
1. Malware attacks: Malware can be used to steal sensitive data, modify data, or disrupt
database operations.

2. SQL injection attacks: SQL injection attacks are a type of cyber attack where an attacker
injects malicious SQL code into a database query, allowing them to steal data or modify the
database.

3. Insider threats: Insider threats can come from employees, contractors, or other trusted
individuals who have access to the database. These individuals could accidentally or
intentionally cause harm to the database or steal data.

4. Unauthorized access: Unauthorized access can occur when attackers gain access to the
database using stolen credentials, weak passwords, or exploiting vulnerabilities in the database
or its environment.

5. Physical threats: Physical threats include theft, vandalism, or natural disasters that can
damage or destroy the database hardware.
Measures to deal with threats to database security:
To deal with threats to database security, organizations can implement various security measures.
These measures can be categorized into three types: physical, logical, and behavioral security.
Physical security:
Physical security measures are designed to protect the database hardware and infrastructure from
physical threats. Some of the physical security measures include:
1. Restricting access to the server room or data center.

2. Installing surveillance cameras and motion sensors.

3. Implementing fire suppression systems, temperature control systems, and backup power.

Logical security:
Logical security measures are designed to protect the database from unauthorized access,
modification, and other cyber threats. Some of the logical security measures include:

1. Implementing access controls such as role-based access control (RBAC) and multi-factor
authentication (MFA).

2. Encrypting the data in transit and at rest.

3. Implementing intrusion detection and prevention systems (IDPS) to detect and prevent cyber-
attacks.

4. Regularly patching the database and its environment to address known vulnerabilities.

Behavioral security:
Behavioral security measures are designed to prevent insider threats and ensure that employees
and contractors follow security best practices. Some of the behavioral security measures include:
1. Conducting regular security awareness training for employees and contractors.

2. Implementing separation of duties to prevent any single individual from having too much
access or control over the database.

3. Conducting background checks on employees and contractors who will have access to the
database.

4. Regularly monitoring and auditing access to the database to detect and prevent unauthorized
activities.

Log and report database performance issues:

Database performance is critical for ensuring that databases operate efficiently and effectively.
When database performance issues arise, it is essential to identify and resolve them promptly to
minimize the impact on users and the organization's operations. Here are some steps
organizations can take to log and report database performance issues:
Database performance monitoring:
Database performance monitoring involves continuously monitoring the database to identify
performance issues, such as slow queries, high CPU or memory usage, or excessive disk I/O.
Some of the tools and techniques used for database performance monitoring include:
1. SQL Profiling: This involves analyzing SQL statements executed by the database to
identify queries that are causing performance issues.

2. System Monitoring: This involves monitoring system metrics such as CPU usage,
memory usage, and disk I/O to identify performance bottlenecks.

3. Query Optimization: This involves optimizing SQL queries to improve their

performance, such as adding indexes or rewriting queries.

Database tuning:
Database tuning involves adjusting the database configuration and parameters to optimize its
performance. Some of the techniques used for database tuning include:
1. Optimizing database schema: This involves optimizing the database schema to reduce the
number of joins or eliminate redundant data.

2. Configuring caching: This involves configuring caching mechanisms to reduce the

number of database queries.

3. Adjusting database parameters: This involves adjusting database parameters such as

buffer size, thread pool size, or query cache size to improve performance.

Database performance reporting:

Database performance reporting involves generating reports that summarize database
performance metrics and issues. Some of the reports that organizations can generate include:
1. Performance dashboards: These are visual representations of database performance
metrics such as CPU usage, memory usage, and query response time.

2. Alert notifications: These are notifications sent to administrators when performance

issues are detected.
3. Performance trend analysis: This involves analyzing performance trends over time to
identify patterns or anomalies that may indicate performance issues.