This Content Component encountered an error
This Content Component encountered an error
This Content Component encountered an error

It's been advocated that enterprises work root cause analysis into a risk management plan. This sounds like an...

extra step in the already lengthy security audit process. What are the benefits of root cause analysis and is it really effective enough to work into my organization's security plan?

Root cause analysis (RCA) answers four basic questions: What happened? How did it happen? Why did it happen? And what can be done to prevent it from happening again? These questions are typically asked after an incident. A risk management plan defines the process of planning, organizing, leading and controlling the activities of an organization in order to minimize the risks to the organization.

Incident response plans (IRPs) provide an organized approach to addressing and managing the aftermath of a security breach or attack. A key component of the IRP is "lessons learned" where the IRP team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence. This requires a closer look at what, how and why the incident occurred. Security teams are then able to determine what steps are required to prevent the incident from happening again. This process should include a root cause analysis.

Including the RCA in the risk management plan could be beneficial, but if the chief information security officer is to focus on information security risk the RCA is best included in the IRP.

IRPs are most effective when they result from the RCA and when viable incident scenarios are tested to ensure the IRP team can expertly manage actual incidents when they occur.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Check out some expert advice on creating a security risk management plan

This was last published in August 2015
This Content Component encountered an error

PRO+

Content

Find more PRO+ content and other member only offers, here.

This Content Component encountered an error

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.
This Content Component encountered an error

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close