Effective Problem Solving

Root-cause analysis can identify solutions for data security breaches.
This story appears in the September 2009 issue of BizTech Magazine.

Mark Hall

William M. Dickerson

Since 2005, 255 million data security breaches involving sensitive personal information have been reported in the United States, according to Privacy Rights Clearinghouse.

When tackling the problem of data breaches, some rely on statistical analyses of industry trends. Information from actual breaches has been categorized by such criteria as business sector, type of data breached, and the proportion attributed to malicious acts, theft, hacking and careless or untrained employees. Solutions are then recommended based on the trend data exhibiting the highest percentages or greatest threats.

This approach is one of the reasons why problem-solving is often ineffective: Solutions based on categories do not specifically address the causes of a given problem. Generic, categorical solutions fail at a much higher rate than do solutions targeted at specific causes of defined problems.

The problem management component of the IT Infrastructure Library framework sets the stage for an organization to adopt effective problem-solving strategies that will protect the company and its customers. Successful IT problem-solving organizations are increasingly implementing formal root-cause analysis (RCA) within their ITIL problem management structure.

Although there’s a common perception that RCA is used to deal only with problems that have already occurred, it can also help to mitigate risk. RCA can be used to plan how a sys­tem or process should ideally function. IT can also enhance continuous improvement processes, demonstrate due diligence and analyze positive events so they can be repeated.

Using a multiple-event analysis, for instance, can help an organization find links between problems that might otherwise be undetectable using other tools.

Best practices when implementing RCA for IT problem management include:

  1. Crafting threshold criteria based on business goals or scorecard metrics to identify incidents requiring full investigations.
  2. Precisely defining major problems and quantifying business impact.
  3. Allocating adequate time and resources commensurate with impact and risk.
  4. Completing analysis consistently using the same process to ensure the RCA can stand up to independent auditing.
  5. Instituting a rigorous validation process that uses evidence to verify causes.
  6. Avoiding the creation of categories when analyzing problems and their causes.
  7. Using the talents of the people who use, maintain and deliver IT services to help identify the best solutions. This is more effective than relying on an automated tool that uses formulaic solutions.
  8. Prioritizing solutions based on criteria such as cost, payback and ease of implementation so they can be rationalized against business impact statements.
  9. Developing solutions that are clear and descriptive enough to be successfully implemented by a third party and effectively monitored.
  10. Focusing monitoring metrics on implementation timing and the effectiveness of the solutions, and reporting regularly on program successes.

Mark Hall is an account manager with Apollo Associated Services, a provider of root-cause analysis training, consulting, software and investigations.

William M. Dickerson leads the IT enterprise problem management group for a leading aerospace company.

Sign up for our e-newsletter


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.