ThinkMind // International Journal On Advances in Security, volume 11, numbers 1 and 2, 2018 // View article sec_v11_n12_2018_5


Empirical Case Studies of the Root Cause Analysis Method in Information Security

Authors:
Niclas Hellesen
Henrik Miguel Nacarino Torres
Gaute Wangen

Keywords: Information Security; Root cause analysis; Risk Management; Case study; Socio-technical; Empirical

Abstract:
Root cause analysis is a methodology that comes from the quality assurance and improvement fields. Root cause analysis is a seven-step methodology that proposes multiple tools per step, which are designed to identify and eliminate the root cause of a reoccurring problem. Lately, the method has been adapted into the information security field, yet there is little empirical data regarding the efficiency of the root cause analysis approach for solving information security management problems. This paper presents three empirical case studies of root cause analysis conducted under different premises to address this problem. Each case study is qualitatively evaluated with cost-benefit analysis. The primary case study is a comparison of information security risk assessment and root cause analysis results from an analysis of a complex issue regarding access control violations. The study finds that in comparison to the risk assessment, the benefits of the root cause analysis tools are a better understanding of the social aspects of the risk, especially with regard to social and administrative causes for the problem. Furthermore, we found that the risk assessment and root cause analysis could complement each other in administrative and technical issues. The second case study tests root cause analysis as a tabletop tool by modeling an information security incident primarily through available technical documentation. The findings show that root cause analysis works with tabletop exercises for practice and learning, but we did not succeed in extracting any new knowledge under the restrictions of a tabletop exercise. In the third case study, the root cause analysis methodology was applied in a resource-constrained setting to determine the root causes of a denial-of-service incident at a small security awareness organization. In this case, the process revealed multiple previously undetected causes and had utility, especially for revealing socio-technical problems.
As future work, we propose to develop a leaner version of the root cause analysis scoped for information security problems. Additionally, root cause analysis emphasizes the use of incident data, and we suggest a novel research direction into conducting root cause analysis on cyber security incident data and define some of the obstacles, research paths, and utility of the direction. Our findings show that a problem needs to be costly to justify the cost-benefit of starting a full-scale root cause analysis project. Additionally, when strictly managed, root cause analysis performed well under time and resource constraints for a less complex problem. Thus, the full-scale root cause analysis is a viable option when dealing with both complex and costly information security problems. For minor issues, a root cause analysis may be excessive or should at least be strictly time managed. Based on our findings, we conclude that root cause analysis should be a part of the information security management toolbox.

Pages: 60 to 79

Copyright: Copyright (c) to authors, 2018. Used with permission.

Publication date: June 30, 2018

Published in: journal

ISSN: 1942-2636
