Since 2005, 255 million data security breaches involving sensitive personal information have been reported in the United States, according to Privacy Rights Clearinghouse.
When tackling the problem of data breaches, some rely on statistical analyses of industry trends. Information from actual breaches has been categorized by such criteria as business sector, type of data breached, and the proportion attributed to malicious acts, theft, hacking and careless or untrained employees. Solutions are then recommended based on the trend data exhibiting the highest percentages or greatest threats.
This approach is one of the reasons why problem-solving is often ineffective: Solutions based on categories do not specifically address the causes of a given problem. Generic, categorical solutions fail at a much higher rate than do solutions targeted at specific causes of defined problems.
The problem management component of the IT Infrastructure Library framework sets the stage for an organization to adopt effective problem-solving strategies that will protect the company and its customers. Successful IT problem-solving organizations are increasingly implementing formal root-cause analysis (RCA) within their ITIL problem management structure.
Although there’s a common perception that RCA is used to deal only with problems that have already occurred, it can also help to mitigate risk. RCA can be used to plan how a system or process should ideally function. IT can also enhance continuous improvement processes, demonstrate due diligence and analyze positive events so they can be repeated.
Using a multiple-event analysis, for instance, can help an organization find links between problems that might otherwise be undetectable using other tools.
Best practices when implementing RCA for IT problem management include:
Mark Hall is an account manager with Apollo Associated Services, a provider of root-cause analysis training, consulting, software and investigations.
William M. Dickerson leads the IT enterprise problem management group for a leading aerospace company.