Charles Miller, in his recent post on Penetration Testing, wrote:
“A successful penetration indicates something more than a particular security flaw. It indicates some systemic flaw in network security policies or practices.”
and:
“If the penetration is successful, it is to… practices and procedures that management should return, to examine how they could be better implemented, or more clearly communicated to employees.”
Events and Causal Factors Analysis is a technique for analysing and communicating the systemic and indirect causes of incidents. It would be useful for examining faults in practices and procedures after a ‘successful penetration.’
Comments
If you are interested in Events and Causal Factors Analysis you might visit www.nri.eu.com and download (no charge) the manual on ECFA+. This is an updated version of the ECFA method.