Cause of Error

3. Security Impact

Security events break customer trust in us; being good at information security is about preserving customer trust. Many events have a customer or security impact, and this process makes a point of treating them equally.

Security events are a special class of event, in that they may have downstream, unknown or unintended consequences that weren't clear at the time of the event, or at the time the post-mortem analysis was completed. They may have their own process and team handling the incident separately. CoE helps that work.

Cause of Error is not a substitute for an Information Security Incident Response plan.

CoE may be part of one.

There was no security impact.

If there was no impact, then "There was no security impact." is sufficient; but care should be taken, especially with internet-facing or customer-facing systems.

If we define Security as Confidentiality, Integrity and Availability, was there definitely still no impact?

Produce a single document with seven sections:

1. Summary

A simple description of what happened.

2. Customer Impact

Describe the issue from the point of view of our customers. What did they see?

3. Security Impact

Was any system, data or privacy breached?

4. Timeline

Who did what when, and when the problem was resolved.

5. Five Whys

Keep asking Why until you have a root cause. Dissect or deconstruct at every stage.

6. Lessons Learned

What did we learn from this problem?

7. Next Actions

Given the things we learned, what will we do next about this?

Implementation Notes

How to implement this method in practice.

v0.1 22/01/22