<p>The increasing prevalence and sophistication of cyber-attacks demands more than policy-centric guidance for incident response. We propose SCIUMA, a cloud-based framework: Scalable, Customisable, Interoperable, Usable, Maturity, and Adoption that fills this gap by adding machine-readable semantics and automated orchestration across heterogeneous platforms. Unlike NIST CSF or AIR4ICS, which focus on “what” to do, SCIUMA defines a top-level OWL/RDF ontology that unifies incident types, response phases, actors, and tools into a formal, executable model. Coupled with cloud-native services (SIEMs, CASBs, DRaaS, Terraform, AWS Lambda), SCIUMA automatically ingests alerts (e.g., “MalwareAttack”), classifies them semantically, and triggers containment and recovery, isolating compromised VMs or generating ServiceNow tickets without manual intervention. In multi-cloud simulations (ransomware, data breach, DDoS, phishing, insider threats), SCIUMA consistently outperformed manual baselines by 3–4 × in detection and response times, while maintaining high containment efficiency. A practical deployment in a mid-sized financial services hybrid-cloud demonstrates seamless integration with QRadar, GraphDB, and AWS IAM. By bridging the gap between high-level IR policies (NIST) and agile, human-centric models (AIR4ICS), SCIUMA offers the first end-to-end, ontology-enabled incident response platform. Future real-world testing will validate its readiness for production adoption and its unique contribution to both research and practice in cloud-based IR.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

A cloud-based SCIUMA framework for standardisation of cyber incident response

  • Tamara Zhukabayeva,
  • Oluwaseguan Adedugbe,
  • Elhadj Benkhelifa

摘要

The increasing prevalence and sophistication of cyber-attacks demands more than policy-centric guidance for incident response. We propose SCIUMA, a cloud-based framework: Scalable, Customisable, Interoperable, Usable, Maturity, and Adoption that fills this gap by adding machine-readable semantics and automated orchestration across heterogeneous platforms. Unlike NIST CSF or AIR4ICS, which focus on “what” to do, SCIUMA defines a top-level OWL/RDF ontology that unifies incident types, response phases, actors, and tools into a formal, executable model. Coupled with cloud-native services (SIEMs, CASBs, DRaaS, Terraform, AWS Lambda), SCIUMA automatically ingests alerts (e.g., “MalwareAttack”), classifies them semantically, and triggers containment and recovery, isolating compromised VMs or generating ServiceNow tickets without manual intervention. In multi-cloud simulations (ransomware, data breach, DDoS, phishing, insider threats), SCIUMA consistently outperformed manual baselines by 3–4 × in detection and response times, while maintaining high containment efficiency. A practical deployment in a mid-sized financial services hybrid-cloud demonstrates seamless integration with QRadar, GraphDB, and AWS IAM. By bridging the gap between high-level IR policies (NIST) and agile, human-centric models (AIR4ICS), SCIUMA offers the first end-to-end, ontology-enabled incident response platform. Future real-world testing will validate its readiness for production adoption and its unique contribution to both research and practice in cloud-based IR.