|
502 | 502 | { |
503 | 503 | "id": "SAFE-UC-0019", |
504 | 504 | "title": "Post-incident review drafting assistant", |
505 | | - "status": "seed", |
| 505 | + "status": "draft", |
| 506 | + "maturity": "draft", |
506 | 507 | "repo_path": "use-cases/SAFE-UC-0019/README.md", |
507 | 508 | "naics_2022": [ |
508 | 509 | { |
509 | 510 | "code": "51", |
510 | 511 | "name": "Information" |
| 512 | + }, |
| 513 | + { |
| 514 | + "code": "5132", |
| 515 | + "name": "Software Publishers" |
| 516 | + }, |
| 517 | + { |
| 518 | + "code": "5182", |
| 519 | + "name": "Computing Infrastructure Providers and Data Processing Services" |
| 520 | + }, |
| 521 | + { |
| 522 | + "code": "5415", |
| 523 | + "name": "Computer Systems Design and Related Services" |
511 | 524 | } |
512 | 525 | ], |
513 | | - "summary": "Draft post-incident reviews/postmortems from timelines and notes with accuracy checks and sensitive-data handling." |
| 526 | + "summary": "AI-assisted drafter that takes incident artifacts (timeline, alerts, chat transcripts, tool-call audit logs, customer-impact data, on-call notes) and drafts the post-incident review plus regulator-facing disclosures (SEC Form 8-K Item 1.05, NIS 2 Article 23, GDPR Article 33, HIPAA 45 CFR 164.412, state-AG, banking 36-hour, DORA Article 19). Sits downstream of SAFE-UC-0024 (terminal SRE outage) and SAFE-UC-0022 (SOC investigation). Defining inversion: the AI's primary output IS the regulated text. 8-stage kill chain with 5 stages NOVEL across timeline-fact integrity, causal-chain hallucination, action-item commitment fabrication, AI-drafted regulator-filing hallucination, and materiality-determination influence. Draws from Google SRE Workbook Chapter 10 blameless-culture norms, PagerDuty community PIR template, NIST SP 800-61, and ISO/IEC 27035-1/-2 incident-management frameworks.", |
| 527 | + "workflow_family": "Post-incident review and regulated-disclosure drafting", |
| 528 | + "operating_modes": [ |
| 529 | + "manual", |
| 530 | + "hitl", |
| 531 | + "autonomous" |
| 532 | + ], |
| 533 | + "tags": [ |
| 534 | + "post-incident-review", |
| 535 | + "postmortem", |
| 536 | + "blameless-culture", |
| 537 | + "incident-response", |
| 538 | + "regulated-disclosure", |
| 539 | + "sec-item-1-05", |
| 540 | + "nis-2-article-23", |
| 541 | + "gdpr-article-33", |
| 542 | + "hipaa-breach-notification", |
| 543 | + "dora-article-19", |
| 544 | + "state-ag-breach", |
| 545 | + "banking-36-hour", |
| 546 | + "iso-27035", |
| 547 | + "nist-sp-800-61", |
| 548 | + "soc-2-cc7", |
| 549 | + "itil-major-incident", |
| 550 | + "materiality-determination", |
| 551 | + "hallucination-regulated-text", |
| 552 | + "tenant-isolation", |
| 553 | + "eu-ai-act-article-50" |
| 554 | + ], |
| 555 | + "evidence": [ |
| 556 | + { |
| 557 | + "label": "Google SRE Workbook, Chapter 10: Postmortem Culture: Learning from Failure (the canonical blameless-postmortem reference)", |
| 558 | + "url": "https://sre.google/workbook/postmortem-culture/" |
| 559 | + }, |
| 560 | + { |
| 561 | + "label": "PagerDuty: Postmortems documentation (legacy postmortems.pagerduty.com community guide; the de facto industry reference)", |
| 562 | + "url": "https://postmortems.pagerduty.com/" |
| 563 | + }, |
| 564 | + { |
| 565 | + "label": "incident.io: Post-mortem features (template, AI-generated summary, action-item tracking)", |
| 566 | + "url": "https://incident.io/post-mortem" |
| 567 | + }, |
| 568 | + { |
| 569 | + "label": "FireHydrant: Retrospectives + Reliability AI", |
| 570 | + "url": "https://firehydrant.com/product/retrospectives/" |
| 571 | + }, |
| 572 | + { |
| 573 | + "label": "Rootly: Retrospectives and Rootly AI for incident communications", |
| 574 | + "url": "https://rootly.com/features/retrospectives" |
| 575 | + }, |
| 576 | + { |
| 577 | + "label": "SEC Cybersecurity Disclosure Rules: Form 8-K Item 1.05 (released 26 July 2023; effective for large filers 18 December 2023; smaller reporting companies 15 June 2024)", |
| 578 | + "url": "https://www.sec.gov/newsroom/press-releases/2023-139" |
| 579 | + }, |
| 580 | + { |
| 581 | + "label": "Directive (EU) 2022/2555 (NIS 2): Article 23 incident reporting (24-hour early warning, 72-hour notification, 1-month final report)", |
| 582 | + "url": "https://eur-lex.europa.eu/eli/dir/2022/2555/oj" |
| 583 | + }, |
| 584 | + { |
| 585 | + "label": "Regulation (EU) 2016/679 (GDPR): Article 33 personal-data-breach notification (72 hours)", |
| 586 | + "url": "https://eur-lex.europa.eu/eli/reg/2016/679/oj" |
| 587 | + }, |
| 588 | + { |
| 589 | + "label": "NIST SP 800-61 Rev 2: Computer Security Incident Handling Guide (August 2012)", |
| 590 | + "url": "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf" |
| 591 | + }, |
| 592 | + { |
| 593 | + "label": "ISO/IEC 27035-1:2023: Information security incident management Part 1: Principles and process", |
| 594 | + "url": "https://www.iso.org/standard/78973.html" |
| 595 | + }, |
| 596 | + { |
| 597 | + "label": "ISO/IEC 27035-2:2023: Information security incident management Part 2: Guidelines to plan and prepare for incident response", |
| 598 | + "url": "https://www.iso.org/standard/78974.html" |
| 599 | + }, |
| 600 | + { |
| 601 | + "label": "HIPAA Breach Notification Rule (45 CFR 164.400 to 164.414; HHS canonical reference)", |
| 602 | + "url": "https://www.hhs.gov/hipaa/for-professionals/breach-notification/index.html" |
| 603 | + }, |
| 604 | + { |
| 605 | + "label": "Federal banking Computer-Security Incident Notification Rule (12 CFR Parts 53, 225, 304; FDIC final-rule press release)", |
| 606 | + "url": "https://www.fdic.gov/news/press-releases/2021/pr21099.html" |
| 607 | + }, |
| 608 | + { |
| 609 | + "label": "Regulation (EU) 2022/2554 (DORA Digital Operational Resilience Act; applicable from 17 January 2025)", |
| 610 | + "url": "https://eur-lex.europa.eu/eli/reg/2022/2554/oj" |
| 611 | + }, |
| 612 | + { |
| 613 | + "label": "OWASP Top 10 for LLM Applications (2025)", |
| 614 | + "url": "https://genai.owasp.org/llm-top-10/" |
| 615 | + }, |
| 616 | + { |
| 617 | + "label": "NIST AI 600-1: AI Risk Management Framework Generative AI Profile (July 2024)", |
| 618 | + "url": "https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf" |
| 619 | + } |
| 620 | + ] |
514 | 621 | }, |
515 | 622 | { |
516 | 623 | "id": "SAFE-UC-0020", |
|
0 commit comments