Case based analysis of information security incidents

Free access

The article considers the general approach to managing information security incidents according to the international standard ISO/IEC 27001:2005, and its improvement by automating the corresponding procedures at the decision-making stage, when the response strategy is defined, using case-based analysis. The approach proposed by the authors is based on finding solutions by analogy, from specific to specific. The authors describe the logical structure, the model and the algorithm of a case-based incident analysis system, as well as the results of numerical experiments. The proposed concept of building a case-based system for information security incidents will make it possible to increase responsiveness and to reuse previous experience of resolving incidents in automated incident management.

Incident, analogy, response strategy, CBR cycle, case

Short URL: https://sciup.org/148177057

IDR: 148177057

Research article