NexTech 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • UBICOMM 2021, The Fifteenth International Conference on Mobile Ubiquitous Computing, Systems, Services and Technologies
  • ADVCOMP 2021, The Fifteenth International Conference on Advanced Engineering Computing and Applications in Sciences
  • SEMAPRO 2021, The Fifteenth International Conference on Advances in Semantic Processing
  • AMBIENT 2021, The Eleventh International Conference on Ambient Computing, Applications, Services and Technologies
  • EMERGING 2021, The Thirteenth International Conference on Emerging Networks and Systems Intelligence
  • DATA ANALYTICS 2021, The Tenth International Conference on Data Analytics
  • GLOBAL HEALTH 2021, The Tenth International Conference on Global Health Challenges
  • CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems

SoftNet 2021 Congress
October 03, 2021 to October 07, 2021 - Barcelona, Spain

  • ICSEA 2021, The Sixteenth International Conference on Software Engineering Advances
  • ICSNC 2021, The Sixteenth International Conference on Systems and Networks Communications
  • CENTRIC 2021, The Fourteenth International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services
  • VALID 2021, The Thirteenth International Conference on Advances in System Testing and Validation Lifecycle
  • SIMUL 2021, The Thirteenth International Conference on Advances in System Simulation
  • SOTICS 2021, The Eleventh International Conference on Social Media Technologies, Communication, and Informatics
  • INNOV 2021, The Tenth International Conference on Communications, Computation, Networks and Technologies
  • HEALTHINFO 2021, The Sixth International Conference on Informatics and Assistive Technologies for Health-Care, Medical Support and Wellbeing

NetWare 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • SENSORCOMM 2021, The Fifteenth International Conference on Sensor Technologies and Applications
  • SENSORDEVICES 2021, The Twelfth International Conference on Sensor Device Technologies and Applications
  • SECURWARE 2021, The Fifteenth International Conference on Emerging Security Information, Systems and Technologies
  • AFIN 2021, The Thirteenth International Conference on Advances in Future Internet
  • CENICS 2021, The Fourteenth International Conference on Advances in Circuits, Electronics and Micro-electronics
  • ICQNM 2021, The Fifteenth International Conference on Quantum, Nano/Bio, and Micro Technologies
  • FASSI 2021, The Seventh International Conference on Fundamentals and Advances in Software Systems Integration
  • GREEN 2021, The Sixth International Conference on Green Communications, Computing and Technologies

TrendNews 2021 Congress
November 14, 2021 to November 18, 2021 - Athens, Greece

  • CORETA 2021, Advances on Core Technologies and Applications
  • DIGITAL 2021, Advances on Societal Digital Transformation

 


ThinkMind // International Journal On Advances in Security, volume 11, numbers 1 and 2, 2018 // View article sec_v11_n12_2018_5


Empirical Case Studies of the Root Cause Analysis Method in Information Security

Authors:
Niclas Hellesen
Henrik Miguel Nacarino Torres
Gaute Wangen

Keywords: Information Security; Root cause analysis; Risk Management; Case study; Socio-technical; Empirical

Abstract:
Root cause analysis is a methodology that comes from the quality assurance and improvement fields. Root-cause analysis is a seven-step methodology that proposes multiple tools per step, which are designed to identify and eliminate the root cause of a reoccurring problem. Lately, the method has been adapted into the information security field, yet there is little empirical data regarding the efficiency of the Root cause analysis approach for solving information security management problems. This paper presents three empirical case studies of root cause analysis conducted under different premises to address this problem. Each case study is qualitatively evaluated with cost-benefit analysis. The primary case study is a comparison of information security risk assessment and root cause analysis results from an analysis of a complex issue regarding access control violations. The study finds that in comparison to the risk assessment, the benefits of the Root cause analysis tools are a better understanding of the social aspects of the risk, especially with regards to social and administrative causes for the problem. Furthermore, we found that the risk assessment and root cause analysis could complement each other in administrative and technical issues. The second case study tests root cause analysis as a tabletop tool by modeling an information security incident primarily through available technical documentation. The findings show that root cause analysis works with tabletop exercises for practice and learning, but we did not succeed in extracting any new knowledge under the restrictions of a tabletop exercise. In the third case study, the root cause analysis methodology was applied in a resource constrained setting to determine the root causes of a denial of service incident at small security awareness organization. In this case, the process revealed multiple previously undetected causes and had utility, especially for revealing socio-technical problems. As future work, we propose to develop a leaner version of the root cause analysis scoped for information security problems. Additionally, root cause analysis emphasizes the use of incident data and we suggest a novel research direction into conducting root cause analysis on cyber security incident data, define some of the obstacles, research paths, and utility of the direction. Our findings show that a problem needs to be costly to justify the cost-benefit of starting a full-scale root cause analysis project. Additionally, when strictly managed, root cause analysis performed well under time and resource constraints for a less complex problem. Thus, the full-scale Root cause analysis is a viable option when dealing with both complex and costly information security problems. For minor issues, a root cause analysis may be excessive or should at least be strictly time managed. Based on our findings we conclude that Root cause analysis should be a part of the information security management toolbox.

Pages: 60 to 79

Copyright: Copyright (c) to authors, 2018. Used with permission.

Publication date: June 30, 2018

Published in: journal

ISSN: 1942-2636

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.