Design considerations for a case-based reasoning engine for scenario-based cyber incident notification

Virtually all modern organizations have embedded information systems into their core business processes as a means to increase operational efficiency, improve decision making quality, and minimize costs. Unfortunately, this dependence can place an organization´s mission at risk if the confidentiality, integrity, or availability of a critical information resource has been lost or degraded. Within the military, this type of incident could ultimately result in serious consequences including physical destruction and loss of life. To reduce the likelihood of this outcome, personnel must be informed about cyber incidents, and their potential consequences, in a timely and relevant manner so that appropriate contingency actions can be taken. In this paper, we identify criteria for improving the relevance of incident notification, propose the use of case-based reasoning (CBR) for contingency decision support, and identify key design considerations for implementing a CBR system used to deliver relevant notification following a cyber incident.