It's been advocated that enterprises work root cause analysis into a risk management plan. This sounds like an extra step in the already lengthy security audit process. What are the benefits of root cause analysis and is it really effective enough to work into my organization's security plan?
Root cause analysis (RCA) answers four basic questions: What happened? How did it happen? Why did it happen? And what can be done to prevent it from happening again? These questions are typically asked after an incident. A risk management plan defines the process of planning, organizing, leading and controlling the activities of an organization in order to minimize the risks to the organization.
Incident response plans (IRPs) provide an organized approach to addressing and managing the aftermath of a security breach or attack. A key component of the IRP is "lessons learned," where the IRP team analyzes the incident and how it was handled, making recommendations for better future response and for preventing a recurrence. This requires a closer look at what happened, and at how and why the incident occurred. Security teams are then able to determine what steps are required to prevent the incident from happening again. This process should include a root cause analysis.
Including the RCA in the risk management plan could be beneficial, but if the chief information security officer is to focus on information security risk, the RCA is best included in the IRP.
IRPs are most effective when they result from the RCA and when viable incident scenarios are tested to ensure the IRP team can expertly manage actual incidents when they occur.