Basics: Root Cause Analysis (RCA)?
- DRASInt® Risk Alliance

- Jun 6, 2021
Updated: Apr 19
Background

Our experts have found that the Security and Investigative functions are linked to the Cyber domain in one way or another. Intricate knowledge of cyber security and related processes is mandatory. To arm our students with sound knowledge in the field of cyber security, we will be evolving a cyber security module exclusively for use in the Security domain. The contents, which are basic in nature, will be introduced to the audience in a series of introductory articles by our team. You can log on to the blog page to offer your valuable comments.
What is Root Cause Analysis?
The root is the origin, source, or cause of something. When we use our problem-solving abilities, we can employ a variety of techniques. One that is often used in engineering is root cause analysis. The objective of this analysis is to find the problem and eliminate it for good. This process should result in the problem no longer being a problem now or in the future. In this case, the root can also be described as the “true” reason for a problem.
The Process of RCA
RCA should not just diagnose the symptoms but eradicate the source. It is also not strictly limited to the cyber security industry or its processes. The analysis is applicable to any problem that your business faces, or even to problems in your personal life.
Define Event
The monster is an unknown issue. Once we identify the problem event, it is no longer a monster, and we can clarify the issue and define the scope of the problem. If the event involves more than the Information Technology or Security department, it is important that all members share a common understanding of the problem. Some questions to ask are:
What happened?
Where did it happen?
When did it happen?
What systems were involved?
Is it contained?
What is the impact?
Answers to these questions should remain unbiased and truthful.
Find Causes
This step is self-explanatory and is, in practice, where the search for the root cause begins, but some techniques can be employed to make it run smoothly. Once the event is defined, find out the cause of the event.
Finding the Root cause
Having defined the event and found its cause, it is now time to find the root cause. This step should focus on discovering and uncovering. The process known as the 5 Whys is a common approach to cause and effect. It merely involves asking why 5 times. Let’s say the organization is facing an issue with a non-responsive firewall that was just procured through an acquisition, so the problem statement could be phrased as: “the new firewall is not working as intended.” From the problem statement you can begin the process:
1st Why: It won’t let legitimate connections through.
2nd Why: It deactivates during certain time periods.
3rd Why: It doesn’t recognize the company operating systems.
4th Why: It has not undergone software updates.
5th Why: It blocks all internet communication.
Look for Solutions
Try to get all stakeholders involved in this process. All opinions should be open for discussion. This type of brainstorming can make the process of finding solutions much quicker. There is a variety of subject matter experts out there who can help with firewall problems. It might also be worth checking with the previous company to see if they encountered the same issues (in the example scenario, the firewall came from an acquisition).
Take Actions
The team must now take action and implement the solutions identified in the previous steps, for example:
Rebooting parts of the affected systems
Updating software
Patching vulnerabilities
Generating audit reports
Verify Solution Effectiveness
The final step in the RCA is to see if the solutions actually worked.
Conclusion

There are benefits to using Root Cause Analysis (RCA) that may not seem obvious at first but become apparent in the long term. The first benefit is that, if it is done correctly, problems should not repeat. This is the primary reason you should be using a root cause analysis, especially if you see specific problems repeating themselves. Secondly, the way a root cause analysis works is that all parties affected by the problem become an interested group. In a complex and interconnected business environment, this means most if not all departments will be affected by a Security or Information Security problem. This required involvement means communication between these different groups improves. Fundamentally, carrying out a root cause analysis can secure the company’s long-term performance, saving money and time and arresting reputational and business loss.
To be continued...
Stand by for our next blog.
DRASINT RISK ALLIANCE is the sole owner of the published content





