GitHub: Hackergwag/Cybersecurity-Incident-Response-and-Threat-Monitoring-Database-System
Cybersecurity-Incident-Response-and-Threat-Monitoring-Database-System
Description
This project presents the design and implementation of a Cybersecurity Incident Response and Threat Monitoring Database System developed as part of the MIT802 Database Systems course.
The system models the operational workflow of a Security Operations Center (SOC) by managing cybersecurity incidents, assets, vulnerabilities, alerts, remediation actions, and analyst activities within an organizational environment.
The project demonstrates the application of relational database design principles, including conceptual modeling, logical modeling, physical database design, SQL implementation, and query processing within a cybersecurity-focused business process.
Project Objectives
The primary objectives of this project are:
- Design a cybersecurity-focused relational database system
- Model SOC incident response processes
- Implement database structures using SQL
- Manage cybersecurity assets and incidents efficiently
- Demonstrate practical database normalization and relationships
- Execute and retrieve security-related data using SQL queries
Business Case Study
The case study focuses on a Security Operations Center (SOC) environment where cybersecurity analysts monitor organizational infrastructure for threats, suspicious activities, vulnerabilities, and security incidents.
The system provides capabilities for:
- Asset management
- Incident tracking
- Vulnerability monitoring
- Security alert management
- Remediation tracking
- Security reporting
Database Design Components
Conceptual Model (ER Diagram)
The conceptual model was developed using an Entity Relationship Diagram (ERD) to identify entities, attributes, and relationships within the system.
Major Entities
- Organization
- Asset
- Analyst
- Incident
- Alert
- Vulnerability
- Remediation
- Report
Relationships
- One Organization owns many Assets
- One Asset can have many Incidents
- One Analyst handles many Incidents
- One Incident generates many Alerts
- One Incident has many Remediation actions
- One Incident produces one Report
- One Asset can contain many Vulnerabilities
Logical Model
The logical model defines the relational schema, primary keys, foreign keys, and relationships between entities in the database system.
Physical Model
The physical database model was implemented using SQL data types and relational constraints compatible with MySQL database systems.
SQL Implementation
Data Definition Language (DDL)
The project includes SQL scripts for:
- Table creation
- Primary key implementation
- Foreign key relationships
- Relational constraints
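The following MySQL DDL is an added worked example that turns the relationship list above (one Organization owns many Assets, one Incident produces one Report, and so on) into a physical schema with primary keys, foreign keys and relational constraints. It is not the repository's database.sql; every table and column name here (organization, asset, analyst, incident, alert, vulnerability, remediation, report and their columns) is my assumption about how the eight entities might be laid out, and the project's own script may differ.

```sql
-- Constructed example schema for the SOC database (assumed names, not the repository's database.sql).

CREATE TABLE organization (
  org_id   INT AUTO_INCREMENT PRIMARY KEY,
  name     VARCHAR(120) NOT NULL UNIQUE,
  sector   VARCHAR(60)
) ENGINE=InnoDB;

CREATE TABLE analyst (
  analyst_id INT AUTO_INCREMENT PRIMARY KEY,
  full_name  VARCHAR(120) NOT NULL,
  email      VARCHAR(254) NOT NULL UNIQUE,
  shift      ENUM('day','night') NOT NULL DEFAULT 'day'
) ENGINE=InnoDB;

-- One Organization owns many Assets: the FK lives on the "many" side.
CREATE TABLE asset (
  asset_id    INT AUTO_INCREMENT PRIMARY KEY,
  org_id      INT NOT NULL,
  hostname    VARCHAR(255) NOT NULL,
  ip_address  VARCHAR(45),                       -- wide enough for the IPv6 text form
  asset_type  ENUM('server','workstation','network','cloud') NOT NULL,
  criticality TINYINT NOT NULL DEFAULT 3,        -- 1 (low) .. 5 (crown jewel)
  CONSTRAINT fk_asset_org   FOREIGN KEY (org_id) REFERENCES organization(org_id),
  CONSTRAINT chk_asset_crit CHECK (criticality BETWEEN 1 AND 5),
  UNIQUE KEY uq_asset_host (org_id, hostname)    -- a hostname is unique within one organization
) ENGINE=InnoDB;

-- One Asset can contain many Vulnerabilities.
CREATE TABLE vulnerability (
  vuln_id       INT AUTO_INCREMENT PRIMARY KEY,
  asset_id      INT NOT NULL,
  cve_id        VARCHAR(20),                     -- NULL until an identifier is assigned
  cvss_score    DECIMAL(3,1),
  status        ENUM('open','mitigated','closed') NOT NULL DEFAULT 'open',
  discovered_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
  CONSTRAINT fk_vuln_asset FOREIGN KEY (asset_id) REFERENCES asset(asset_id) ON DELETE CASCADE,
  CONSTRAINT chk_cvss      CHECK (cvss_score IS NULL OR cvss_score BETWEEN 0.0 AND 10.0)
) ENGINE=InnoDB;

-- One Asset can have many Incidents; one Analyst handles many Incidents.
CREATE TABLE incident (
  incident_id INT AUTO_INCREMENT PRIMARY KEY,
  asset_id    INT NOT NULL,
  analyst_id  INT,                               -- NULL until the incident is triaged and assigned
  title       VARCHAR(200) NOT NULL,
  severity    ENUM('low','medium','high','critical') NOT NULL,
  status      ENUM('new','investigating','contained','resolved') NOT NULL DEFAULT 'new',
  opened_at   DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
  closed_at   DATETIME,
  CONSTRAINT fk_inc_asset   FOREIGN KEY (asset_id)   REFERENCES asset(asset_id),
  CONSTRAINT fk_inc_analyst FOREIGN KEY (analyst_id) REFERENCES analyst(analyst_id) ON DELETE SET NULL,
  CONSTRAINT chk_inc_closed CHECK (closed_at IS NULL OR closed_at >= opened_at)
) ENGINE=InnoDB;

-- One Incident generates many Alerts; alerts disappear with their incident.
CREATE TABLE alert (
  alert_id    INT AUTO_INCREMENT PRIMARY KEY,
  incident_id INT NOT NULL,
  source      VARCHAR(60) NOT NULL,              -- e.g. 'IDS', 'EDR', 'SIEM'
  raised_at   DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
  message     TEXT,
  CONSTRAINT fk_alert_inc FOREIGN KEY (incident_id) REFERENCES incident(incident_id) ON DELETE CASCADE
) ENGINE=InnoDB;

-- One Incident has many Remediation actions.
CREATE TABLE remediation (
  remediation_id INT AUTO_INCREMENT PRIMARY KEY,
  incident_id    INT NOT NULL,
  analyst_id     INT,
  action         VARCHAR(255) NOT NULL,
  completed_at   DATETIME,
  CONSTRAINT fk_rem_inc     FOREIGN KEY (incident_id) REFERENCES incident(incident_id) ON DELETE CASCADE,
  CONSTRAINT fk_rem_analyst FOREIGN KEY (analyst_id)  REFERENCES analyst(analyst_id)   ON DELETE SET NULL
) ENGINE=InnoDB;

-- One Incident produces one Report: UNIQUE on the FK column is what makes the relationship 1:1.
CREATE TABLE report (
  report_id   INT AUTO_INCREMENT PRIMARY KEY,
  incident_id INT NOT NULL UNIQUE,
  summary     TEXT NOT NULL,
  created_at  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
  CONSTRAINT fk_rep_inc FOREIGN KEY (incident_id) REFERENCES incident(incident_id) ON DELETE CASCADE
) ENGINE=InnoDB;

-- The SOC dashboard query pattern is "open incidents by severity", so index for it.
CREATE INDEX idx_incident_status ON incident (status, severity);
```

Two design points worth noticing: the one-to-one Incident/Report rule is enforced by a UNIQUE constraint on report.incident_id rather than by convention, and the ON DELETE choices differ by meaning (alerts, remediations and reports are owned by an incident and cascade; an analyst leaving the team sets analyst_id to NULL rather than deleting the incident history). The CHECK constraints are enforced from MySQL 8.0.16 onwards; older versions parse and ignore them.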
Data Manipulation Language (DML)
The database was populated with sample cybersecurity operational data including:
- Security incidents
- Vulnerabilities
- SOC analysts
- Alerts
- Organizational assets
SQL Queries
Several SQL queries were implemented to retrieve and analyze cybersecurity information from the database system.
Example queries include:
- Incident retrieval
- Vulnerability analysis
- Incident-to-analyst mapping
- Asset vulnerability tracking
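The block below is an added example covering both the DML section (populating the database with sample operational data) and the four query categories listed above. It is not the repository's own script: the sample rows are constructed, the CVE identifiers are obvious placeholders, and the table and column names (organization, asset, analyst, incident, alert, vulnerability and their columns) are my assumption about the schema rather than the project's actual definitions.

```sql
-- Constructed sample data (assumed table/column names; not the repository's DML script).
INSERT INTO organization (org_id, name, sector) VALUES (1, 'Example Corp', 'Finance');

INSERT INTO analyst (analyst_id, full_name, email, shift) VALUES
  (1, 'A. Okafor', 'a.okafor@example.com', 'day'),
  (2, 'B. Mensah', 'b.mensah@example.com', 'night');

INSERT INTO asset (asset_id, org_id, hostname, ip_address, asset_type, criticality) VALUES
  (1, 1, 'web-01', '10.0.1.10', 'server', 5),
  (2, 1, 'ws-042', '10.0.2.42', 'workstation', 2);

INSERT INTO vulnerability (vuln_id, asset_id, cve_id, cvss_score, status) VALUES
  (1, 1, 'CVE-0000-00001', 9.8, 'open'),        -- placeholder CVE id, not a real one
  (2, 1, 'CVE-0000-00002', 5.3, 'mitigated'),   -- placeholder CVE id, not a real one
  (3, 2, NULL,             4.0, 'open');        -- finding without an assigned identifier

INSERT INTO incident (incident_id, asset_id, analyst_id, title, severity, status, opened_at) VALUES
  (1, 1, 1,    'Unexpected file written to web root',     'critical', 'investigating', '2024-01-15 08:30:00'),
  (2, 2, NULL, 'Login from unusual location',             'medium',   'new',           '2024-01-15 09:10:00');

INSERT INTO alert (incident_id, source, message) VALUES
  (1, 'EDR', 'New executable file created under the web root'),
  (1, 'IDS', 'Outbound connection to a rarely seen external host');

-- Incident retrieval: unresolved incidents, most severe first, with the affected asset.
SELECT i.incident_id, i.title, i.severity, i.status, a.hostname
FROM incident i
JOIN asset a ON a.asset_id = i.asset_id
WHERE i.status <> 'resolved'
ORDER BY FIELD(i.severity, 'critical', 'high', 'medium', 'low'), i.opened_at;

-- Incident-to-analyst mapping: LEFT JOIN so unassigned incidents stay visible to the shift lead.
SELECT i.incident_id, i.title, COALESCE(an.full_name, '<unassigned>') AS handler
FROM incident i
LEFT JOIN analyst an ON an.analyst_id = i.analyst_id
ORDER BY i.incident_id;

-- Vulnerability analysis: open vulnerability count and worst CVSS per asset.
-- The filter sits in the ON clause so assets with no open findings still appear with a count of 0.
SELECT a.hostname, a.criticality,
       COUNT(v.vuln_id)  AS open_vulns,
       MAX(v.cvss_score) AS worst_cvss
FROM asset a
LEFT JOIN vulnerability v ON v.asset_id = a.asset_id AND v.status = 'open'
GROUP BY a.asset_id, a.hostname, a.criticality
ORDER BY worst_cvss DESC;

-- Asset vulnerability tracking: assets carrying an open high/critical finding that also
-- have an unresolved incident, i.e. where patching and response should be coordinated.
SELECT DISTINCT a.hostname, v.cve_id, v.cvss_score, i.incident_id
FROM asset a
JOIN vulnerability v ON v.asset_id = a.asset_id AND v.status = 'open' AND v.cvss_score >= 7.0
JOIN incident i      ON i.asset_id = a.asset_id AND i.status <> 'resolved';

-- Alert volume per incident, a quick triage signal for the analyst queue.
SELECT i.incident_id, COUNT(al.alert_id) AS alert_count
FROM incident i
LEFT JOIN alert al ON al.incident_id = i.incident_id
GROUP BY i.incident_id;
```

With this sample data the first query returns incident 1 (critical, web-01) ahead of incident 2; the mapping query shows incident 2 as `<unassigned>`; the vulnerability summary lists web-01 with one open finding and a worst CVSS of 9.8 and ws-042 with one open finding at 4.0; and the tracking query returns only web-01, since ws-042's open finding is below the 7.0 threshold.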
Languages and Utilities Used
- MySQL
- One Compiler
- Lucidchart / ER Diagram Tools
- Relational Database Design
- Cybersecurity SOC Concepts
Environments Used
- Windows 10
Learning Outcomes
This project strengthened practical understanding in:
- Database modeling
- SQL implementation
- Relational database management
- Cybersecurity data organization
- Security incident tracking systems
Conclusion
The project successfully demonstrates the design and implementation of a Cybersecurity Incident Response and Threat Monitoring Database System suitable for Security Operations Center environments. The database structure supports efficient management of incidents, vulnerabilities, analysts, assets, and remediation activities using relational database technologies.
Repository Structure and Files
This repository contains the complete project documentation and implementation files for the Cybersecurity Incident Response and Threat Monitoring Database System:
- this README documentation file
- the full assignment report in PDF format
- the SQL implementation scripts, contained in the database.sql file
- the Entity Relationship Diagram (ERD)
- screenshots showing the execution outputs of the DDL, DML, and SQL query operations used throughout the project
Author
Robert Iroha
MIT802 – Database Systems