Comments on: Incident Response Lessons Learned http://www.cutawaysecurity.com/blog/archives/503 Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades Wed, 02 Jun 2010 22:30:56 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: D Garner http://www.cutawaysecurity.com/blog/archives/503/comment-page-1#comment-31090 D Garner Thu, 26 Feb 2009 08:27:37 +0000 http://www.cutawaysecurity.com/blog/?p=503#comment-31090 Where we are at, the LL is becoming a solid fixture. It is sorting out the mundane from the sublime. Known issues, from the ITIL universe, are becoming much more clear with "workarounds" changing from duct tape and bubble gum to recommendations on controls and improved configurations. It's a shame that remediation of known elements do not receive complete backing from management until something breaks. Granted, our LL's are fast and from the hip, but all the stakeholders are not paying attention and showing up for our hour of education. Where we are at, the LL is becoming a solid fixture. It is sorting out the mundane from the sublime. Known issues, from the ITIL universe, are becoming much more clear with “workarounds” changing from duct tape and bubble gum to recommendations on controls and improved configurations. It’s a shame that remediation of known elements do not receive complete backing from management until something breaks. Granted, our LL’s are fast and from the hip, but all the stakeholders are not paying attention and showing up for our hour of education.

]]> By: cutaway http://www.cutawaysecurity.com/blog/archives/503/comment-page-1#comment-31088 cutaway Fri, 20 Feb 2009 18:37:46 +0000 http://www.cutawaysecurity.com/blog/?p=503#comment-31088 @Mark of taproot: You are missing my point. I'll start with a quote from your post "<strong>Once an investigator is trained</strong> in using TapRooT®, they find a broader range of causes..." I have no problem with people and organizations using any method to help them determine how to follow up an incident. I'm merely trying to give them a technique that they can use RIGHT NOW. Hopefully they well see your comment and review these techniques. If they like it then they can start using it. Until then, they need a stop gap solution and 5 Whys does just that. To many organizations need to start doing lessons learned. Once they start they can start looking into methods to improve their technique. Thank you for pointing out one of those methods. Go forth and do good things, Don C. Weber @Mark of taproot:

You are missing my point. I’ll start with a quote from your post “Once an investigator is trained in using TapRooT®, they find a broader range of causes…” I have no problem with people and organizations using any method to help them determine how to follow up an incident. I’m merely trying to give them a technique that they can use RIGHT NOW. Hopefully they well see your comment and review these techniques. If they like it then they can start using it. Until then, they need a stop gap solution and 5 Whys does just that.

To many organizations need to start doing lessons learned. Once they start they can start looking into methods to improve their technique. Thank you for pointing out one of those methods.

Go forth and do good things,
Don C. Weber

]]> By: Mark http://www.cutawaysecurity.com/blog/archives/503/comment-page-1#comment-31087 Mark Fri, 20 Feb 2009 18:09:13 +0000 http://www.cutawaysecurity.com/blog/?p=503#comment-31087 5 Whys is really a very poor root cause analysis technique. I've written about why 5-Whys doesn't work well before. See: http://taproot.com/wordpress/2007/03/05/whats-wrong-with-cause-and-effect-5-whys-fault-trees/ for some ideas. 5 Whys is really a very poor root cause analysis technique.

I’ve written about why 5-Whys doesn’t work well before.

See:

http://taproot.com/wordpress/2007/03/05/whats-wrong-with-cause-and-effect-5-whys-fault-trees/

for some ideas.

]]>