top of page

Why Root Cause Analysis(RCA)?

Updated: Aug 1, 2023


Our experts have analyzed that the Security and Investigative functions are linked to Cyber domain in one way or the other. Intricate knowledge of Cyber security and related processes is mandatory. In an attempt to arm our students with sound knowledge in the field of Cyber-security, we will be evolving a Cyber security module exclusively to be used in Security domain. The contents, which are basic in nature will be introduced to the audience in a series of introductory articles by our team. You can log on to the blog page to offer your valuable comments.

What is Root Cause Analysis?

The Root is the origin, source, or cause of something. When we are using our problem solving abilities, we can employ a variety of techniques. One that is often used in engineering is the root cause analysis. The objective of this analysis is to find the problem and eliminate it for good. This process should result in the problem no longer being a problem now or in the future. In this case, the root can also be described as the “true” reason for a problem.

The Process of RCA

RCA should not just be diagnosing the symptoms but eradicating the source. Secondly, this is not just strictly related to the cyber security industry or processes. The analysis is applicable to any problem that your business faces or even in your personal life.

Define Event

The monster is an unknown issue. When we identify the problem event it is no longer a monster and we can clarify the issue and define the scope of the problem. If the event involves more than the Information Technology or Security department, it is important that all members share a common understanding of problem. Some questions are:

  • What happened?

  • Where did it happen?

  • When did it happen?

  • What systems were involved?

  • Is it contained?

  • What is the impact?

Answers to these questions should remain unbiased and truthfully.

Find Causes

It is Self Explanatory and practically finding the root cause, but some techniques can be employed to run this step run smoothly. Once the events are defined, then find out the cause of the event.

Finding the Root cause

By defining and finding the cause of the event, now it is time to find the root cause. This step should focus on discovering and uncovering. Using the process known as the 5 why’s is a common approach to cause and effect. The process merely involves asking why 5 times. Let’s say the organization is facing an issue with a non-responsive firewall that was just procured from an acquisition, so the problem statement could be phrased as: “the new firewall is not working as intended.” From the problem statement you can begin the process:

  • 1st Why: It won’t let legitimate connection through.

  • 2nd Why: It deactivates during certain time periods.

  • 3rd Why: It doesn’t recognize the company operating systems.

  • 4th Why: It has not undergone software updates.

  • 5th Why: It blocks all internet communication.

Look for Solutions

Try and get all stakeholders involved in this process. All opinions should be open for discussion. This type of brainstorming can make the process of finding solutions much quicker. There is a variety of subject matter experts out there that can help with firewall problems. It might also be worth checking with the previous company to see if they encounter the same issues (in the example scenario, the firewall was implemented from an acquisition).

Take Actions

The team must now take action and implement the solutions in the previous steps.

  • Rebooting parts of the affected systems

  • Updating software

  • Patching Vulnerabilities

  • Generating audit reports

Verify Solutions Effectiveness

The final steps in the RCA is to see if the solutions actually worked.


There are benefits to using Root Cause Analysis (RCA) that may not seem obvious at first, but in the long term, it will. The first benefit is that if done correctly problems should not repeat. This is the primary reason you should be using a root cause analysis, especially if you see specific problems repeating themselves. Secondly, the way a root cause analysis works is all parties that are affected by the problem become an interested group. In a complex and interconnected business environment, this means most if not all departments will be affected by a Security or Information Security problem. This required involvement means communication between these different groups improves. Fundamentally carrying out a root cause analysis can secure the company’s long-term performance, saving money / time and arresting reputational/business loss.

To be continued...

standby for our next blog

Meanwhile, you can log in to the blog page to offer your comments.

Enjoying the topics.....

Download complete digital DRASInt SECURITY OFFICER'S MANUAL from :

�� #DRASInt Risk Alliance #Security Officer's Manual, available, in soft copy option only ��

Are you a transitioning serviceman looking to excel in the corporate security environment? Or perhaps a corporate security professional aiming to enhance your knowledge and skills to match the industry's best? Look no further!

Introducing the Security Officer's Manual, a comprehensive guidebook designed specifically to equip servicemen transitioning into security portfolios and corporate security professionals with the necessary tools for success.

�� Transitioning from "Soldiering" to "Guarding-Prevent Losses" ��

This book serves as an essential resource to help servicemen make a seamless reorientation from the military mindset of "soldiering" during active service to the corporate world's imperative of "guarding and preventing losses." Discover effective strategies, techniques, and best practices to ensure robust security measures in any corporate environment.

�� Enhance Your Knowledge and Stand Among the Best ��

For corporate security professionals, the Security Officer's Manual acts as a valuable reference to augment your expertise and bring you on par with the industry's finest. Dive deep into the latest trends, emerging technologies, risk management methodologies, and security protocols that are essential for maintaining a secure corporate ecosystem.

�� Presented in Simple Hindi for Easy Comprehension ��

We understand the importance of clear communication and comprehension. That's why the subject matter of this book is presented in simple Hindi, ensuring security professionals can easily understand and successfully evaluate their skills. Language should never be a barrier when it comes to advancing in your career.

�� Concessional Rates and No Examinations ��

To make this valuable resource accessible to everyone, the Security Officer's Manual is being sold at concessional rates. Take advantage of this limited-time offer and secure your copy today. Plus, we believe in practical learning, so no examinations will be conducted, and certificates will not be issued.

�� Get Your Copy Now ��

Grab your soft copy.

Empower yourself with the knowledge and skills needed to excel in the corporate security industry. Don't miss this opportunity to invest in your professional growth and secure a brighter future.


Job portal dedicated to meet the requirements of Risk Management & Security Professionals.

Candidates | Employers | Recruiters

Book for free Consultation with our experts today.

Mobile Number:+918290439442,

DRASInt Risk Alliance acts as your Consultative Investigative Unit (CIU) for Field Investigation Services and Surveillance. We specialize in investigations related to Arson, White Collar Crime, Financial Fraud and Malpractice, Corporate Fraud, and Forgery. We specialize in Protective Intelligence, Industrial Surveys, Asset Verification, Accident Investigation Services, and Fire Damage Investigation Services, Character Report, Background Verification, Identity Verification Services, Pre-Employment Check, Documentary Proofing, Bank Card Verification, Digital Forensics Services, and Forensic Audit Services, Insurance Fraud Investigation and Insurance Claim Verification. We also undertake to investigate Anti-Counterfeit Services, Infringement of Trade Mark, Trademark Verification, and Pilferage of Good. As private investigators, we undertake Property Dispute and Asset Verification Investigations, investigations related to Matrimonial Discord, Extra Marital Affairs, and Spouse Fidelity and Pre Matrimonial Verification. Sourcing and provisioning of Security Manpower and Equipment, and conducting Security, Investigation, Intelligence Awareness Training programs are some of our other specialties.

DRASINT RISK ALLIANCE प्रकाशित सामग्री का एकमात्र मालिक है।

DRASInt RISK ALLIANCE कॉपीराइट के उल्लंघन, साहित्यिक चोरी या प्रकाशन के अन्य उल्लंघनों के मुद्दों को बहुत गंभीरता से लेती है। हम अपने अधिकारों की रक्षा करना चाहते हैं और हम हमेशा साहित्यिक चोरी के दावों की जांच करते हैं। प्रस्तुत पाठ की जाँच की जाती है।जहाँ पाठों में पाया जाता है कि बिना अनुमति के या अपर्याप्त स्वीकृति के साथ तृतीय-पक्ष कॉपीराइट सामग्री शामिल है, हम कार्रवाई करने का अधिकार सुरक्षित रखते है। प्रतियाँ बनाने का अधिकार डेटाबेस, या वितरकों को उपलब्ध है जो विभिन्न दर्शकों को पांडुलिपियों या पत्रिकाओं को प्रसारित करने में शामिल हो सकते हैं।


Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page