ICT-III Past Paper PDF

Summary

This OCR past paper covers information and communication technologies (ICT) at a secondary school level, with specific focus on social media platforms and cyber ethics. It explores the concepts of social media interactions, social media platforms, and various aspects of cyber ethics.

Full Transcript

 Social Media Plate forms
Introduction:- Social media refers to the means of interactions among
people in which they create share and/or exchange information and ideas
in virtual communities and networks. The office of communities and
networks. The office of communications and marketing manages the,
main Face book, twilter, intagram, Linkedln and YouTube accounts.

Introduction Social Media Plate forms:- A Social media platform refers
to an online digital service or website that enables users to create, share
and interact with content and connect with other users It provides a
virtual space for individuals organizations and communities to
communicate, Collaborate and engage with one another.
Social media platforms allow users to have conversations, share
information and create web content. There are many forms of social
media including blogs, micro-blogs, wikis, Social networking sites,
photo-sharing sites, instant messaging, video-sharing sites, podcasts,
widgets, virtual worlds and more.
Social Media Plateforms:- Social media are interactive technologies that
facilitate the creation, sharing and aggregation of content amongst virtual
communities and networks. Common features include: Online platforms
that enable users to create and share content and participate in social
networking.
Social media refers to the means of interactions among people in
which they create, share, and/or exchange information and ideas in virtual
communities and networks. The Office of Communications and Marketing
manages the main Facebook, X/Twitter, Instagram, LinkedIn, and YouTube
accounts.

Cyber Ethics
Cyber Ethics:- Cyberethics is a branch of applied ethics that examines
moral, legal, and social issues at the intersection of computer/information
and communication technologies. This field is sometimes also referred to
by phrases such as Internet ethics, computer ethics, and information ethics.
Cyberethics is "a branch of ethics concerned with behavior in an online
environment". In another definition, it is the "exploration of the entire
range of ethical and moral issues that arise in cyberspace" while
cyberspace is understood to be "the electronic worlds made visible by
the Internet.“ For years, various governments have enacted regulations
while organizations have defined policies about cyberethics.

Some of the breaches of cyberethics are listed below:
1. Cyber Bullying: Cyberbullying is a form of bullying carried out via
internet technology such as social media where individuals are
mocked on their physical appearance, lifestyle, preferences, etc. The
teenage generation or say youngsters are the major victims of this
form of cyber ethic breach. Cyberbullying affects the emotional
ethics of individuals and can cause mental disturbance to
individuals.
2. Hacking: Stealing a user’s personal or organizational information
without authorized permission is not considered a good practice. It is
one of the riskiest cyber breaches to data leak. Data leak includes
passing of sensitive information such as passwords, bank details of
the user to a third-party user who is not authorized to access the
information.
3. Copywriting: Claiming of another individual as one’s own is
another type of cyber ethic breach that must be eradicated. Never
engage in copywriting another person’s content or document and
claim as it is your own. It leads to a serious problem called
plagiarism, which is a punishable offense and considered a legal
crime. It is always advisable to follow general cyberethics, while
using the internet or say any kind of technology. A proper code of
conduct must be followed while using cyber technology. Cyberethics
if not used wisely can lead to serious situations. Social and legal
laws are defined to use cyber technology wisely. In extreme cases,
legal action can be taken if there is a violation of cyber ethics.
Cyber Ethics focuses on the following:-
1. Privacy:-
i.The content that is available on the internet should not hurt any moral, emotional,
or personal ethics of individuals.
ii.Users should have the right to protect any information which they don’t want to
share openly.
iii.Private information like user’s contact details, address, security-related
information like bank details, credit card/debit card details, are all included in
basic cyber ethics of user privacy and must not be breached in any case.
iv.Any breach of privacy is theft/fraud of user identity and user personal
information, which is punishable as per the rules of law.

2. IPR:
i. IPR stands for Intellectual Property Rights.
ii. IPR defines that the owners have the complete right to the content that is
posted on the internet.
iii. The entire content is solely a belonging of the originator and no individual is
allowed to claim that content published by the original creator as its own.
iv. Unauthorized distribution of someone else’s work should never be adopted as
it’s ethically incorrect to not give creation and monetary benefits to the creator
of the work.
3. Security:
i. Security on the internet is the most basic ethical right that every user must
be accessible.
ii. Users of the internet should feel safe while they surf the net.
iii. Security, in general means only authorized users to have access to the
content on the computer.
iv. And confidential information is safe, without any risk of loss of
information/content.

4. Accuracy:
i. The content available on the internet is accessed by billions of users.
ii. If there is no reliability of the information that is posted online, then it
would mislead the masses.
iii. Cyberethics assert the importance of posting content on the internet that is
correct in all aspects.
iv. Users trust the content of the internet and rely heavily on the internet for
facts, therefore it is highly needed that the asked information is correct
and reliable.
 Cyber Law
Cyber Law Define:- Cyber Law also called IT Law is the law regarding
Information-technology including computers and the internet. It is related to legal
informatics and supervises the digital circulation of information, software,
information security, and e-commerce.
IT law does not consist of a separate area of law rather it encloses aspects
of contract, intellectual property, privacy, and data protection laws. Intellectual
property is a key element of IT law. The area of software license is controversial
and still evolving in Europe and elsewhere.

Importance of Cyber Law:
1. It covers all transactions over the internet.
2. It keeps eye on all activities over the internet.
3. It touches every action and every reaction in cyberspace.

Area of Cyber Law: Cyber laws contain different types of purposes. Some laws
create rules for how individuals and companies may use computers and the internet
while some laws protect people from becoming the victims of crime through
unscrupulous activities on the internet. The major areas of cyber law include:
1. Fraud:- Consumers depend on cyber laws to protect them from online
fraud. Laws are made to prevent identity theft, credit card theft, and
other financial crimes that happen online. A person who commits
identity theft may face confederate or state criminal charges. They might
also encounter a civil action brought by a victim. Cyber lawyers work to
both defend and prosecute against allegations of fraud using the internet.
2. Copyright:- The internet has made copyright violations easier. In the
early days of online communication, copyright violations were too easy.
Both companies and individuals need lawyers to bring an action to
impose copyright protections. Copyright violation is an area of cyber law
that protects the rights of individuals and companies to profit from their
creative works.
3. Defamation: Several personnel uses the internet to speak their mind.
When people use the internet to say things that are not true, it can cross
the line into defamation. Defamation laws are civil laws that save
individuals from fake public statements that can harm a business or
someone’s reputation. When people use the internet to make statements
that violate civil laws, that is called Defamation law.
5. Harassment and Stalking: Sometimes online statements can violate
criminal laws that forbid harassment and stalking. When a person
makes threatening statements again and again about someone else
online, there is a violation of both civil and criminal laws. Cyber
lawyers both prosecute and defend people when stalking occurs using
the internet and other forms of electronic communication.
6. Trade Secrets: Companies doing business online often depend on
cyber laws to protect their trade secrets. For example, Google and
other online search engines spend lots of time developing the
algorithms that produce search results. They also spend a great deal of
time developing other features like maps, intelligent assistance, and
flight search services to name a few. Cyber laws help these companies
to take legal action as necessary to protect their trade secrets.
7. Contracts and Employment Law: Every time you click a button that
says you agree to the terms and conditions of using a website, you
have used cyber law. There are terms and conditions for every website
that are somehow related to privacy concerns.
 Database
Define:- A database is an organized collection of data stored in a computer
system and usually controlled by a database management system (DBMS).
The data in common databases is modeled in tables, making querying and
processing efficient. Structured query language (SQL) is commonly used
for data querying and writing.

The Database is an essential part of our life. We encounter several activities
that involve our interaction with databases, for example in the bank, in the
railway station, in school, in a grocery store, etc. These are the instances
where we need to store a large amount of data in one place and fetch these
data easily.

Q:- What is Data?
Ans:- Data is statically raw and unprocessed information. For example –
name, class, marks, etc. In computer language, a piece of information that
can be translated into a form for efficient movement and processing is
called data. Data is interchangeable information.
Q:- What is a Database?
Ans:- A database is a collection of data that is organized, which is also
called structured data. It can be accessed or stored in a computer system. It
can be managed through a Database Management System (DBMS), a
software used to manage data. Database refers to related data in a
structured form.

App:- In information technology, an application (app), an application
program, or application software is a computer program designed to help
people perform an activity. Depending on the activity for which it was
designed, an application can manipulate text, numbers, audio, graphics,
and a combination of these elements.
An application program is a computer program designed to carry
out a specific task other than one relating to the operation of the computer
itself, typically to be used by end-users. Word processors, media players,
and accounting software
Artificial Intelligence(AI):- In recent years, AI has been seamlessly
integrated into various communication systems, such as the internet
backbone, cellular networks, mobile devices, base stations, fiber optics,
microwave transmission, satellites, and undersea cables.
AI in the IT industry refers to the application of artificial
intelligence technologies and techniques to various aspects of
information technology. This includes software development, data
analysis, cybersecurity, infrastructure management, and more.

Machine learning (ML):- ML is a branch of artificial intelligence (AI)
and computer science that focuses on the using data and algorithms to
enable AI to imitate the way that humans learn, gradually improving its
accuracy.
Machine Learning Technology is defined as a system that
optimizes performance by using statistical methods to infer conclusions
from data and computer science methods to provide computing power
for solving problems and making predictions.
Q:- What is machine learning in information technology?
Ans:- Machine learning is a subfield of artificial intelligence, which is
broadly defined as the capability of a machine to imitate intelligent
human behavior. Artificial intelligence systems are used to perform
complex tasks in a way that is similar to how humans solve problems.

Q:- How is machine learning used in communication?
Ans:- It includes ML based signal detection, channel encoding and
decoding, channel estimation, prediction, and compression, and resource
allocation, which can directly improve the performance of each
individual processing block in traditional communications systems.

Q:- What is machine learning in ICT and its applications?
Ans:- Machine learning (ML) is a branch of artificial intelligence (AI)
and computer science that focuses on the using data and algorithms to
enable AI to imitate the way that humans learn, gradually improving its
accuracy.
 The main ML types are supervised learning, unsupervised learning,
and reinforcement learning.
1. Supervised learning :- Supervised learning (SL) is a paradigm in machine
learning where input objects (for example, a vector of predictor variables)
and a desired output value (also known as a human-labeled supervisory
signal) train a model. The training data is processed, building a function
that maps new data to expected output values.
2. Unsupervised learning:- Unsupervised learning algorithms find structures
in data that has not been labeled, classified or categorized. Instead of
responding to feedback, unsupervised learning algorithms identify
commonalities in the data and react based on the presence or absence of
such commonalities in each new piece of data.
3. Reinforcement learning:- Reinforcement learning (RL) is an
interdisciplinary area of machine learning and optimal control concerned
with how an intelligent agent ought to take actions in a dynamic
environment in order to maximize the cumulative reward. Reinforcement
learning is one of three basic machine learning paradigms, alongside
supervised learning and unsupervised learning.
 Major Social Media Plateform
Top 10 Most Popular Social Media Platforms
Facebook:- Facebook is a website which allows users, who sign-up for
free profiles, to connect with friends, work colleagues or people they
don't know, online. It allows users to share pictures, music, videos, and
articles, as well as their own thoughts and opinions with however many
people they like.
YouTube:- YouTube is an American online, free video sharing social
media website and app on the internet, and founded on February 14,
2005, by three former PayPal employees. Google (a search engine
company) has owned and operated YouTube since 2006.
WhatsApp:- WhatsApp is an instant messaging and voice-over-IP
service owned by technology conglomerate Meta. It allows users to send
text, voice messages and video messages, make voice and video calls,
and share images, documents, user locations, and other content.
Instagram:- Instagram is a free, online photo-sharing application and
social network platform that was acquired by Facebook in 2012.
Instagram allows users to edit and upload photos and short videos
through a mobile app.
TikTok :- TikTok is a social media platform for creating, sharing and
discovering short videos. The app is used by young people as an outlet to
express themselves through singing, dancing, comedy, and lip-syncing,
and allows users to create videos and share them across a community.

WeChat:- WeChat or Weixin in Chinese is a Chinese instant messaging,
social media, and mobile payment app developed by Tencent. First
released in 2011, it became the world's largest standalone mobile app in
2018 with over 1 billion monthly active users.

Facebook Messenger:- Messenger, also known as Facebook Messenger,
is an American proprietary instant messaging service developed by Meta
Platforms. Originally developed as Facebook Chat in 2008, the client
application of Messenger is currently available on iOS and Android
mobile platforms, Windows and macOS desktop platforms, through the
Messenger.com web application, and on the standalone Facebook Portal
hardware.
Telegram:- Telegram Messenger, commonly known as Telegram, is a
cloud-based, encrypted, cross-platform, instant messaging (IM) service.
It was originally launched for iOS on 14 August 2013 and Android on 20
October 2013. It allows users to exchange messages, share media and
files, and hold private and group voice or video calls as well as public
livestreams. It is available for Android, iOS, Windows, macOS, Linux,
and web browsers. Telegram also offers end-to-end encryption in voice
and video calls, and in optional private chats, which Telegram calls
Secret Chats.
Snapchat:- Snapchat is an American multimedia instant messaging app
and service developed by Snap Inc., originally Snapchat Inc. One of the
principal features of Snapchat is that pictures and messages are usually
only available for a short time before they become inaccessible to their
recipients.
Douyin:- Douyin is a popular short video platform in China where users
can create and share 15-second videos. It is known for its creative filters,
effects, and music options.
Major Social Media plateforms:- Social platforms let people easily
communicate and exchange ideas or content. Business and product
marketing. These platforms enable businesses to quickly publicize their
products and services to a broad audience. Businesses can also use
social media to maintain a following and test new markets.

Important Functional:- These interactive platforms allow individuals,
communities, and organizations to share, co-create, discuss, participate
in, and modify user-generated or self-curated content. Social media is
used to document memories, learn, and form friendships. They may be
used to promote people, companies, products, and ideas.

Social Media plateforms Security attributes
Security:- The top five social media security threats are phishing, social
engineering, information disclosure, fake accounts, and malware.
Attributes:- Social media is characterised by its openness
to user feedback and participation, with few barriers to
accessing information or making comments. The
networking philosophy and user-friendly content sharing
mechanisms enhance this openness.
 Definition and importance of DBMS
Introduction:- Data is a very important resource in the operation
and management of an organization. So, it is very essential to
organize the data in a meaningful manner, because an
unorganized data has no meaning. With the increased demand of
the data in the various organizations such as bank, universities,
railways, airlines, companies etc., It becomes a necessity to store
data in an organized manner so that it can be used again and again.So, we need a database to store the data in an organized form.
DBMS is a software system used to manage database and
its various operations like insertion, deletion, updating and
retrieval. It enables users to store, modify and extract information
from a database as per the requirements. It acts as an
intermediator between the user and the database.”
Definition:- Database management systems (DBMSs) are specially
designed software applications that interact with the user, other
applications, and the database itself to capture and analyze data. A
general-purpose DBMS is a software system designed to allow the
definition, creation, querying, update, and administration of databases.
Well-known DBMSs include MySQL, Microsoft SQL Server, and
Oracle etc.

Importance:- A DBMS is a critical component for system
development, as it offers data abstraction, integrity, security, sharing,
and analysis. It hides the low-level details of how data is stored and
accessed, and provides a high-level interface for users and applications.
It also enforces rules and constraints to ensure data accuracy,
consistency, and validity. In addition, it implements policies and
mechanisms to protect data from unauthorized access and manipulation.
Furthermore, it enables data to be shared and accessed by multiple users
and applications in a concurrent and coordinated manner. Finally,
it provides tools and features for data analysis and decision making.
All these benefits make a DBMS an invaluable tool for system
development. Databases are essential for storing large amounts of data
in one place. With databases, organizations can quickly access,
manage, modify, update, organize and retrieve their data. Databases
are normally controlled using a database management system
(DBMS).

Characteristics of Database

The Same major characteristics are:
1. Self-describing nature of the database system: Self-describing
nature of the database is the approach that the database system not
only contains the database itself but also contains the description
and definition of the structure of the database and its constraints.
2. Insulation between data and program, and data abstraction:
In traditional file system the file structure is embedded in the
application, therefore if there is any change in the file structure
then it may require that all the programs are changed which
access these file. In contrast, the DBMS system does not require
such changes in most of the case. The file structure here is stored
in the DBMS catalog separate from the access program. We can
call this property as DATA INDEPENDENCE.
3. Support multiple user view of the data: A database typically
has many users and each user may have a different perspective or
view of the database. So it is important that a multiple user
database that has a variety of distinct application provides the
facility for defining multiple views.
4. Sharing of data and multiple user transaction processing: A
DBMS must allow multiple users to share the data at the same
time. It must include concurrency control software to ensure that
multiple users trying to update the same data do it in a controlled
manner so that the result of the update is correct.

Advantage of DBMS
1. Reduction of Redundancies: Centralized control of data by the
DBA avoids unnecessary duplication of data and effectively
reduces the total amount of data storage required.
2. Elimination of Inconsistencies: The main advantage of avoiding
duplication is the elimination of inconsistencies that tend to be
present in redundant data files.
3. Shared Data: A database allows the sharing of data under its control
by any number of application programs or users.
4. Integrity: Centralized control can also ensure that adequate checks are
incorporated in the DBMS to provide data integrity. Data integrity
means that the data contained in the database is both accurate and
consistent.
5. Security: Data is of vital importance to an organization and may be
confidential. Such confidential data must not be accessed by
unauthorized persons.
Disadvantage of DBMS
1. Cost of software/hardware and migration: A significant
disadvantage of the DBMS system is cost. In addition to the cost of
purchasing or developing the software, the hardware has to be
upgraded to allow for the extensive programs and work spaces required
for their execution and storage.
2. Problem associated with centralization: While centralization reduces
duplication, the lack of duplication requires that the database be
adequately backed up so that in the case of failure the data can be
recovered.
3. Complexity of Backup and Recovery: Backup and recovery operations
are fairly complex in a DBMS environment, and this is exacerbated in a
concurrent multi user database system.

Components of DBMS
1. Database Engine:- Database Engine is the heart of DBMs. It is responsible
for storing retrieving and updating the data. This component is responsible
for the speed(performance) and scalability of a database.
2. Data Dictionary:- A data dictionary is a database about databases. It holds
all information about each data element in the databases, such as its name,
data type, range of values, source, access authorization and indicates
which application programs use this data item.
3. Query Processor:- Query processor is a functional component of
database management system whose function is to break down
query (SQL) statements (given by user) into instructions
understood by the DBMS and which helps the database system to
access and update data.
4. Security and Other Utilities:- DBMS must be responsible for
establishing and maintaining security access controls. Security
component of DBMS must identify the user and then provide or
limit access to various parts of the database. Various
administrative utilities such as backup and recovery, user
management, data storage evaluation and performance monitoring
tools are provided with most of the DBMSs.
5. Other components include forms (data entry screens) generator,
report (output screens) generator and data acommunication and
networking utilities.
 Conceptual In DBMS (Three-Level Architecture of DBMS)
In DBMS, the database can have different aspects to reveal if
seen from different levels of abstraction. The term abstraction means the
amount of detail you want to hide. Any entity can be seen from different
perspectives and levels of complexity to make it a reveal its current
amount of abstraction.
 In the same manner, the database can also be viewed from
different levels of abstraction to reveal different levels of details. From a
bottom-up manner, we may find that there are three levels of abstraction
in the database:
1. External Level:- In this database view, maximum detail about the
database will be hidden from the user. At external level, only the
restricted portion of the database is available to end user, because an
end user does not need to know everything about the structure of the
entire database, rather than the amount of details he/she needs to
work with. It implements highest level of data abstraction.
2. Conceptual Level:- This view will provide some more detail about
the database to the user like-structure or schema detail of the
database. Conceptual level describes what data are stored in the
database and what relationships exist among those data. At this level,
we are not interested with the raw data items anymore; we are
interested with the structure of the database. This means we want to
Know the information about the attributes of each table, the common
attributes in different tables that help them to be combined, what kind of
data can be input into these attributes, and so on. It implements middle
level of data abstraction.
3. Internal Level:- This level is concerned with the physical storage of
the data. It provides the internal view of the actual physical storage of
data. It deals with the description of how raw data items (like 1, ABC,
D20 etc.) are stored in the physical storage devices (Hard Disc, CD,
DVD, Tape Drive etc.). It also describes the data type of these data
items, the memory size of the items in the storage media, the location
(physical address) of the items in the storage device and so on. It
implements lowest level of data abstraction.

Although, both internal level and physical level is considered as a
single level, but there is slight difference between them. Actually, physical
level is one that is managed by the operating system under the direction of
DBMS, while the internal level is managed by DBMS.
Data Independence:- Database management system (DBMS) supports
the concept of data independence since it represents a system for
managing data separately from the programs that use the data.
The three-level architecture of DBMS provides the concept of
data independence, which means that upper-levels are unaffected by
changes to lower-levels. In other words, it allows changes to the structure
of a database without requiring application programs or users to make
any changes in the way they access the data.
Types of Data Independence:-
Two types of Data Independence are:-
a.Logical Data Independence:- The ability to change the logical or
conceptual schema of database without changing the external schema
is called logical data independence. For example, the addition or
removal of an attribute or field to the conceptual schema should be
possible without having to change existing external schema or having
to rewrite existing application programs.
b. Physical Data Independence:- The ability to change the physical or
internal schema without changing the logical schema is called physical
data independence. For example, a change to the internal schema, such
as using different storage devices should be possible without having to
change the conceptual or external schemas.
(Logical Data Independence V/s. Physical Data Independence)
Logical Data Independence Physical Data Independence

It is concerned with the structure of the It is concerned with storage of the data.
data.
It is very difficult as the retrieving of It is easy to retrieve.
data is very much dependent on the
logical structure of data.
Application program need not be Physical database is concerned with the
changed if new fields are added or change of the storage device.
deleted from the database.
It is concerned with the conceptual It is concerned with the internal schema.
schema.
Data Model:- A data model is a description of the organization of a
database. Data modeling is used for representing entities and their
relationships in a database.
In a database, a group of similar information or data, which is of
interest to an organization, is called an entity.
Each entity can have a number of characteristics. The
characteristics of an entity are called attributes. For example, an entity,
say client, can have characteristics like name, address, phone number,
balance due, etc.

Security
General Considerations: Implementation of database security is
process of protecting a database from unintended activity. Unintended
activity can be categorized as authenticated misuse, malicious attacks or
inadvertent mistakes made by authorized individuals or processes.
Database Security includes policies framed to protect data,
falling in the hands of unauthorized user. Security also includes the
techniques used to ensure that data elements are not changed or deleted
by viruses or by unauthorized persons.
In short, data security addresses the following issues:
(a) Privacy of certain data elements.
(b) Preserving Policies of the Organization.
(c) System related security level.
(d) Maintaining integrity of database.

Privacy of certain Data Elements:- Privacy relates to the legal and
ethical rights regarding the access to certain personal data items. Some
critical information may be regarded as private say for example the
medical records of a person. Such records should not be accessed, read
or modified by unauthorized persons.
System related Security Level:- The level of the system at which the
security should be enforced. For example, whether a security should be
enforced at the hardware level, operating system level or DBMS level.
Maintaining Integrity of Database:- Data items stored in the database should
be valid and consistent. Besides integrity constraints in the database
management system, controlling access to the database can greatly help to
preserve the database integrity.

Data Security Risks:- A database involves the following threats to its security:
a) An unauthorized user can get access to a database and damage its files or
alter it.
b) The authorized user can accidently of deliberately give privileges to user,
who have no time to access databases.
c) Improper usage of concurrent transaction processing can cause variations in
the data values read and written, by two users at the same time.
d) An unauthorized person could get access to a database through a
communication channel, via a terminal, and even insert virus and destroy
data completely.
e) A database user (such as an operator or programmer) can intentionally bypass
the security mecahnisms and make unauthorized copies of secret data, for
malicious purposes.
f. Authorized persons could transmit secret information under force or
for personal gain(such as bribe or other favours).
g. Failure of memory protection against virus attack may lead to errors
in the DBMS package.
h. Due to some system malfunctioning, a user may get access to the
portion of a database, which he is not authorized under normal
conditions.

DATABASE SECURITY REQUIREMENTS
Database security requires the following:
(a) Ethical and social culture of the employees of the organization
should forbid an individual from obtaining something by unfair means
and forcibly entering into an organizations computing facility.
Legislation and security laws that make it illegal to obtain an
unauthorized access to an organization’s computer systems should be
implemented.
b. Computers and terminals should be kept locked and their access
should be limited to authorized users. Physical storage devices (such
as magnetic tapes, disk drives) should be secured both within the
organization and while they are being sent from one location to
another.
c. Username and passwords should be kept confidential. The database
administrator determines whether a user should be given the privilege
or not and if yes, what privileges should be given.
d. The operating system should have some built-in safety features such
as identification and authentication of users, avoiding direct access to
data in primary files, memory access as well as resource management
including thread synchronization.

LEVELS OF SECURITY
Database management systems (DBMSs) provide different levels
of security. These are the following:
a) Network Level Security:- Network software Level security is
required in case of distributed database systems. Network software
have built-in method for login security controls, permitting
authorized users to log in and gain access to resources on the
network. Another level of security provided by network software is
the rights security.
b) Operating system (OS) Level Security:- Even if you have a strong
DBMS software, a weak operating system may serve as a means of
unauthorized deletion of database files. So, secure OS is important.
c) Database System Level Security:- Some database users may be
allowed to access only a portion of the database and denied access
only a portion of the database and denied access to other portions. A
user, Ram Lal, may be given permission to view information but not
to modify data. That is, he can issue SELECT queries but not
INSERT, UPDATE or DELETE queries.
d) Program Level Security:- It debars unauthorized users from using
particular programs that may access the database. For example, a
bank clerk may be allowed to use a program that retrieves details of
a customer account, but not a program the modifies the balance
amount.
e) Record Level Security:- It dabars Unauthorized users from
accessing or updating certain records, such as records of managers in
the EMPLOYEE table.
f) Field Level Security:- It dabars unauthorized users from accessing
or updating data in certain fields such as Salary field.

Integrity
Database integrity is the preservation od data correctly and
implies the process of keeping the database from accidental deletion or
alteration.
General Considerations:- When many users enter data items into a
database it becomes very important that the values data item are not
disturbed. Hence, data insertions, updations, etc. Have to be carried out
in such a way that database integrity is always maintained.

Integrity cheeks can be performed at the data entry level itself,
by checking that data values conform to certain specified rules, namely
the value lies within a specified range’. For example, the age of the
employee will be in the range of 18 years to say 70 years.

Integrity Rules:- Relational database model specifies the following
integrity rules or constraints.
a) Entity Integrity Constraint
b) Referential Integrity Constraint
c) Domain Integrity Constraint
1.Entity Integrity Constraint:- Entity Integrity constraint specifies
that entities (row) should be distinguishable. That is, each entity must
be unique. Primary key values perform this unique identification
function. No prime attribute (component of a primary key) value would
be null. This is because, if two or more entities have nulls in their
primary key value, they cannot be distinguished.
If an attribute of a table is prime attribute (unique identifier), it
cannot accept null values. That is, values of primary key cannot be null.

2.Referential Integrity Constraint:- Referential Integrity constraint
ensures that a value that appears in one relation for an attribute should
also appear for a matching attribute in another relation, if the two
relations are related to each other on this common attribute.
 Referential Integrity is concerned with the concept of foreign
key. The domain of a foreign key are those of the primary key of
another relation.

3. Domain Integrity Constraint:- Domain Integrity constraint
specifies that the value of an attribute, say A, must be from the
domain, i.e. from Domain(A). A domain is a set of atomic values. For
example, the domain for the attribute AGE of EMPLOYEE table, will
be the set of all possible positive numbers between 18 and 65. The
attribute cannot hold a value other than those specified in the domain.

Restrictions On Integrity Constraints
Integrity constraint checking can be in-built in a Database
Management Software (DBMS). Each database request (for insertion,
deletion or updation of data) is first checked for any integrity
violations. The requesting user or application program is then sent a
message indicating the problem, if any, and the request is also rejected.
 Most DBMS have some form of language constructs, such as triggers,
for data validation and for performing some operation when an erroneous
database request is encountered. Triggers are just like the procedures and
functions, except that they are not invoked explicitly. Database triggers are
made and associated with a database table. They get implicitly executed when
the table gets affected (integrity rule violated) due to an operation. Including
integrity checking in the DBMS itself (rather than coding validation rules in
the application programs) has the following advantages:
a) A failure in an application program will not cause inconsistency in the
database, since the DBMS itself checks for data validating before
entertaining any operation, written in SQL.
b) The application programmer does not have to know about the complete
semantics of the database, which he is making use of.
c) No duplication of efforts, would be made.
d) Had the data validation checks been done in the application programs,
malicious users could have directly manipulated the database using a
query language, without needing an application program. This action
needs to be prevented.
 User Authentication
User Authentication is a process in which the identity of any user is
verified before they can access anything in your database. It is the process of
securing data from unauthorized access. It is important to implement user
authentication in DBMS to prevent data theft, data loss, or network attacks.
There are various methods of data authentication in DBMS such as
multi-factor authentication, password authentication certificate
authentication, biometrics token authentication, device authentication API
authentication, etc.
In this article, we will be discussing the importance and
implementation of user authentication in DBMS.

What is User Authentication in DBMS?
It is the process of verifying whether the person accessing the data is
legitimate or not. In other words, it is a process in DBMS of verifying the
identity of the user to prevent unauthorized access to any database. It is used
in securing the database and preventing malicious access.
 It typically involves asking the user for a username and
password to access the contents of any database. These credentials are
typically also stored in another database which is used to verify the
legitimacy of these credentials by matching them both and checking if
they are correct. In simple terms, only the correct person who is
authorized to access the data inside the database is allowed to do so.
There are various benefits of user authentication in DBMS:
1. Preventing unauthorized or malicious access: Proper authentication
in DBMS will allow you to prevent unauthorized access which can
lead to harm such as stealing, modifying, or deleting your important
data.
2. Preventing Data Loss & corruption: User authentication in DBMS
allows you to prevent data loss and corruption by verifying only
experts are allowed to access the database. An unauthorized person
may not have proper understanding about the structure of the
DBMS which may lead to accidental deletion of important data.
3. Providing Access Control: It means that only some specific user
roles (such as Administrators) are allowed to access the data which
helps prevent data abuse and accidental information loss.
4. Securing Networks and Network Chains: User authentication in a
fairly large database will help prevent ransomware attacks on a
large network of any organization by preventing unauthorized
access to the interface.
5. Preventing Data theft: User authentication will help prevent data
theft by not allowing hackers or people with malicious intent to
access and leak the data on the dark web.

Implementing User Authentication in DBMS
To implement user authentication in DBMS, you need to follow
certain steps and guidelines to ensure the proper implementation. The
most common way of implementing user authentication in DBMS in
providing access control, Access control allows only certain individuals
or set of individuals to access the contents of any DBMS.
 One of the most popular ways of providing user
authentication in DBMS are known as role based access control and
attribute based access control.

User Authorization:- Authorization is the process where the
database manager gets information about the authenticated user. Part
of that information is determining which database operations the user
can perform and which data objects a user can access.
Authorization in a database is the process of determining a
user's access to a database and the actions they can perform:
1. Access: Authorization determines which data objects a user can
access. For example, a user might be authorized to create tables,
but not to alter them.
2. Actions: Authorization determines which database operations a
user can perform.
 Authorization is usually paired with authentication, which verifies
the user's identity. For example, in a coffee shop, a barista might only be
able to place and view orders, while a manager might also be able to
access sales totals
Users can gain authorization by being granted it to their user ID, or
by being a member of a group or role that has the authorization.
Other ways to protect databases include: Access control, Inference
control, Flow control, and Encryption.

Concept of Data Encryption
Define:- Data Encryption is a method of preserving data confidentiality by
transforming it into ciphertext, which can only be decoded using a unique
decryption key produced at the time of the encryption or before it. The
conversion of plaintext into ciphertext is known as encryption.
Types of Data Encryption
There are multiple encryption techniques, each of which have been
developed with various security requirements in mind. Symmetric and
Asymmetric encryption are the two types of data encryption.
1. Symmetric Key Encryption:- There are a few strategies used in
cryptography algorithms. For encryption and decryption processes,
some algorithms employ a unique key. In such operations, the
unique key must be secured since the system or person who knows
the key has complete authentication to decode the message for
reading. This approach is known as “symmetric encryption” in the
field of network encryption.
2. Asymmetric Key Encryption:- Some cryptography methods
employ one key for data encryption and another key for data
decryption. As a result, anyone who has access to such a public
communication will be unable to decode or read it. This type of
cryptography, known as “public-key” encryption, is used in the
majority of internet security protocols. The term “asymmetric
encryption” is used to describe this type of encryption.
Importance of Data Encryption
The significance of encryption cannot be overstated in any
way. Even though your data is stored in a standard infrastructure, it is
still possible for it to be hacked. There’s always the chance that data
will be compromised, but with data encryption, your information will
be much more secure. Consider it this way for a moment. If your data
is stored in a secure system, encrypting it before sending it out will
keep it safe. Sanctioned systems do not provide the same level of
protection.

Access control in Encryption
Access control is a data security process that enables
organizations to manage who is authorized to access corporate data
and resources. Secure access control uses policies that verify users are
who they claim to be and ensures appropriate control access levels are
granted to users.
 Access control is defined as a security technique used to regulate
who has the authority to view what data; while encryption simply encoding
all data into an unreadable format and only allowed access if one holds the
decryption key. In a glance, most would unanimously agree that encryption
would be the better option.

The three types of access control are:-
1. Role-Based Access Control (RBAC) systems:- RBAC is a method of
controlling access to computer systems, networks, or resources based on
a user's role within an organization
2. Attribute-Based Access Control (ABAC):- ABAC is a logical access
control model that uses attributes to determine access to resources.
ABAC is used to protect sensitive data and other digital assets from
unauthorized users.
3. Discretionary Access Control (DAC):- DAC is a decentralized access
control policy that allows subjects to control access to objects. You can
find DAC in smartphone apps, Google Docs, and Operating Systems
worldwide.
A database administrator (DBA) has many roles, including:
1. Database design: DBAs design, implement, and maintain databases.
They may also oversee the construction of databases in larger
organizations.
2. Data security: DBAs ensure data is stored securely and is easily
accessible to users. They may also be responsible for authentication.
3. Database performance: DBAs monitor database performance and tune it
as needed.
4. Backup and recovery: DBAs are responsible for backing up database
servers and restoring them when necessary.
5. Troubleshooting: DBAs troubleshoot issues and work with developers to
implement new features.
6. User support: DBAs provide training and support to users.
7. Capacity planning: DBAs plan for capacity.
8. Data handling: DBAs handle data extraction, transformation, and
loading.
9. Software maintenance: DBAs install and maintain software
A database administrator (DBA) is responsible for the maintenance,
security, and operation of a database system. Their responsibilities include:
1. Database management: DBAs are responsible for the design,
implementation, and maintenance of databases. They may also be
responsible for overseeing the construction of databases in larger
organizations.
2. Data security: DBAs ensure that data is stored and retrieved correctly, and
that the database is secure. They manage user access to the database,
ensuring that users have the appropriate permissions and access levels.
3. Performance: DBAs monitor the performance of the system and take
action to address any issues. They may also tune the performance of the
database.
4. Backups and recovery: DBAs are responsible for ensuring that data is
backed up and can be recovered in the event of a disaster.
5. Troubleshooting: DBAs work with developers to troubleshoot any issues
that arise.
6. Training and support: DBAs may provide training and support to users.
7. Reporting: DBAs may be responsible for reporting on various components
of software design.
 Backup and Recovery
Transaction Recovery:- A single DBMS operation such as updation,
insertion, selection or deletion is not a single task but involves many
tasks. For example, in the EMPLOYEE table, to update the designation
of an employee from MANAGER to ANALYST, following operations
need to be performed.
1. Locating the required record in the secondary storage medium (hard
disk, etc.)
2. Copying the record to primary memory.
3. Performing the required updation.
4. If successful, perform commit1 action. Else perform rollback2 action.
Thus, the updation, insertion or deletion operation requires a number
of distinct tasks or steps to be performed by the DBMS. Such a
collection of tasks or steps for execution of a single database
operation (like insertion, updation, deletion, etc.) is called a
Transaction.
 A transaction is a program unit whose execution may or may
not change the contents of a database. Transaction is executed as a
single unit. If the database was in a consistent state before a
transaction, then after execution of the transaction also, the database
must be in a consistent state. Once committed, a database cannot be
rolled back.

A transaction can be terminated in three ways. These are:
1. Suicidal Termination: The Transaction detects an error while
processing and decides to terminate itself by performing a rollback
operation.
2. Murderous Termination: The Database Management Software or
the operating system can force the Transaction to be terminated
due to some specified reasons.
3. Successful Termination: The Transaction is terminated after
executing it successfully.
Database Backups:- Database backup is the activity of copying
database to a permanent storage (such as magnetic tape) so that they
will be preserved in case of equipment failure or other disasters.
Equipment failures include system crashes, disk damage etc. Disasters
include fire, flood or earthquakes. The backup copy can then be used
to restore data. The backup must be kept synchronized with the
primary copy of the database, regularly. That is, one should copy the
primary database onto the backup everyday, every week or every
month depending on the need. Generally, the backup copy of the
database is kept separated from the primary copy. This is because a
disaster at the primary location should not damage the backup site.
Keeping a backup increases the availability of data. That is,
data is available to the user in spite of system failures or
environmental disasters. Latest copy of the backup is loaded from the
tape to the system and thus the normal operations are restarted.
Why to Plan Backups?
The backup copy and backup logs must be kept away from the
primary database site, so that disasters, such as theft or fire, do not
destroy them also. The backup logs must be moved to a different place
at least once in a day.
An important part of database planning is backup planning.
Planning backup means to make sure that a current copy of the database
is always available even in case of catastrophes. Any disaster, be it fire,
flood, earthquake, terrorist or virus attacks, disk drive crash, power
failure or accidental deletion may not block the normal functioning the
system.

Types of Backups
Backups are of two types:
a) Immediate Backup
b) Archival Backup
Immediate Backups:- Immediate Backups are kept in a floppy disk, zip
disk, hard disk or magnetic tapes. These comes handy when a technical
fault occurs in the primary database such as system failure, disk crashes,
network failure or accidental erasure of data. Damage due to virus attacks
are also repaired using the immediate backup.
Archival Backups:- Archival Backups are kept in mass storage devices
such as magnetic tape, CD-ROMs, Internet Servers etc. They are useful for
recovering data after a disaster such as fire, earthquake, flood, terrorist
attack etc. Archival backups should be kept at a different site other than
where the system is functioning. Archival backup at a separate place
remains safe from thefts and intentional desctruction by user staff.

Database system Recovery.
All electronic devices are subject to failures in one form or another.
A computer system is also an electronic device and hence is subject to
failures of various forms. Since DBMS forms part of the computer
system, it is also prone to failures and errors of various kinds.
Following are likely reasons for a transaction to fail in the
middle of execution.
a) System crash: A hardware, software or network error can occur in
the computer system during transaction execution. Hardware crash
may also occur due to main memory failure.
b) Transaction error: Some erroneous operation such as integer
overflow or division by zero etc., in the transaction may cause a
failure in between.
c) Transaction might be terminated before completion due to the
detection of deadlock condition.
d) Disk failure: Some disk blocks may lose their data because of a read
or write malfunction or because of a disk read/write head error.
e) Natural Catastrophes: This refers to a number of problems including
power failure, fire, theft, overwriting tapes or disks by mistake.
 Big data and
Big data Define:-Big data describes large and diverse datasets that are
huge in volume and also rapidly grow in size over time. Big data is used
in machine learning, predictive modeling, and other advanced analytics
to solve business problems and make informed decisions.
Big data is a collection of data that is too large and complex for
traditional data management systems to process, store, and analyze. It
can include structured, semi-structured, and unstructured data, and is
often characterized by the following three V's:
Volume: The large amount of data
Variety: The wide range of data types
Velocity: The speed at which the data is generated, collected, and
processed
Data analytics define:- Data analytics is the process of collecting,
transforming, and organizing data in order to draw conclusions, make
predictions, and drive informed decision making. The field
encompasses data analysis, data science, and data engineering.
 Data analytics converts raw data into actionable insights. It
includes a range of tools, technologies, and processes used to find
trends and solve problems by using data. Data analytics can shape
business processes, improve decision-making, and foster business
growth.

The four forms of analytics—
1. Descriptive:- Descriptive analytics is a statistical interpretation
used to analyze historical data to identify patterns and
relationships. Descriptive analytics seeks to describe an event,
phenomenon, or outcome.
2. Diagnostic:- Diagnostic analytics examines data to understand the
root causes of events, behaviors, and outcomes. Data analysts use
diverse techniques and tools to identify patterns, trends, and
connections to explain why certain events occurred.
3. Predictive:- Predictive analytics is a branch of advanced
analytics that makes predictions about future outcomes using
historical data combined with statistical modeling, data mining
techniques and machine learning. Companies employ predictive
analytics to find patterns in this data to identify risks and
opportunities.
4. Prescriptive:- Prescriptive analytics is a form of data analytics
that helps businesses make better and more informed decisions.
Its goal is to help answer questions about what should be done to
make something happen in the future.