Let’s face it, every organization should have an incident response plan in place in case the unthinkable happens. It’s a no-brainer these days, considering how savvy attackers are becoming. Responding to the incident, however, is only part of the equation. The other part is figuring out how to avoid another incident like it in the future.
To answer that question, you need to know what caused the incident in the first place. The best way to determine that cause is to do a root cause analysis. A root cause analysis is also very helpful in choosing countermeasures, because a countermeasure aimed at a symptom rather than the root cause leaves the underlying problem in place.
The root cause analysis technique we will cover only requires you to ask “why” about five times. Sometimes you will be able to identify the root cause in fewer than five “whys”; sometimes you may have to ask more than five. I truly like this method because it is simple to remember and easy to conduct.
The first formal step of the “5 Whys” root cause analysis is to write down the problem statement. For the example below, we will use a scenario in which your car stops running in the middle of the road.
Problem Statement – “My car stopped running in the middle of the road.”
Why #1 – “Why did it stop in the middle of the road?”
Answer – “Because it ran out of gas.”
Why #2 – “Why did it run out of gas?”
Answer – “Because I didn’t fill it with gas.”
Why #3 – “Why did I not fill it with gas?”
Answer – “Because I thought I could make it.”
Why #4 – “Why did I think I could make it?”
Answer – “Because I have done it before and got away with it.”
Why #5 – “Why did I do it before?”
Final Answer – “Because I was lazy.”
As you can see, the analysis has concluded that laziness is the root cause. Pairing this root cause with a countermeasure (such as a behavioral change) is a strategic way of tackling the overall problem. If we had believed that the lack of gas was the root cause, the problem would have continued to happen: the person who ran out of gas this time would simply try their luck again. It’s not until you get to the root cause that you can fully solve the problem statement.