Improving the Incident Management Process Based on a Use Case Approach

The purpose of the study is to improve the incident management process. The article considers the process approach to incident management in case of technical failures and its main stages: detection, response, investigation, elimination, resolution. At the stages of response and investigation of the incident, as well as its elimination, there is an urgent problem, which is the violation of the deadlines adopted in the Service Level Agreement (SLA).A comparative analysis of the indicators before and after the application of the proposed use case approach is carried out. The proposed algorithm, applying the base of use cases, allows reducing the number of incidents that are returned for revision, as well as reduce the number of incidents, the resolution period of which exceeds the limits accepted according to the SLA.

The scientific novelty lies in the use of the case analysis device for incident processing in the technical support service.

Materials and methods. To solve the above problem related to the violation of the deadlines for processing incidents accepted in the SLA, the article considers an approach to improving the incident management process based on the use case analysis of incidents. The use of the case analysis device is a cycle of reasoning based on use cases. By the value of the degree of similarity to the incident, a specific use case and the associated decision-making scenario are selected. The method of plausible reasoning allows us to solve the problem of multiple escalations as an integrated automation tool and, as a result, reduce the number of violations of the deadlines for resolving incidents. This approach allows you to increase the efficiency of finding similar scenarios for responding to incidents. The nearest neighbor method is used to compare and extract use cases. This method does not require large computational costs and provides the required degree of reliability (error) of the decision. The application of the nearest neighbor method is based on calculating the degree of proximity of the current situation to the use cases stored in the base of use cases.

Results. The proposed approach allowed us to develop a new algorithm for classifying incidents in the information system based on the use case and statistical analysis, which reduces the response time and eliminates incidents. The analysis of statistical data is carried out; the efficiency is estimated as a result of the application of the algorithm based on the use case analysis. The assessment showed a significant reduction in unnecessary escalations of incidents to the second support line, so the application of the base of use cases in resolving incidents allowed for improving the incident management process.

1. Yan V. B. IT Service Management. Introductory course based on ITIL. Publisher: Van Haren Publishing, commissioned by ITSMF Netherlands. 303 p.

2. Zhukov V.G. A precedent analysis of information security. Vestnik SibGAU = Bulletin of SibGAU. 2013; 2: 19-23. (In Russ.)

3. Shalyapin A.A. Model-algorithmic support of the system of precedent analysis of information security incidents. Reshetnevskiye chteniya= Reshetnevskie chteniya. 2015: 304-306. (In Russ.)

4. Berman A. F. The concept of constructing a precedent expert system. Materialy XII Mezhdunarodnoy nauchnoy konferentsii po vychislitel’noy mekhanike i sovremennym prikladnym programmnym sistemam = Materials of the XII International Scientific Conference on Computational Mechanics and Modern Applied Programming Systems. Vladimir; 2003;2: 110–111. (In Russ.)

5. Mikryukov A.A., Ustselemov V.N. Building an information security subsystem based on a precedent approach. Nauchnoye obozreniye = Scientific Review. 2013; 12: 227-230. (In Russ.)

6. Mikryukov A.A., Ustselemov V.N. A model for assessing the degree of risk of information threats in infocommunication systems based on neuro-fuzzy inference. Nauchnoye obozreniye = Scientific Review. 2013; 12: 219-222. (In Russ.)

7. Mikryukov A.A., Ustselemov V.N. Hybrid model of risk assessment in information systems. Prikladnaya informatika = Applied Informatics. 2014; 1(49): 50-55. (In Russ.)