I am currently performing some research on incident response processes to establish it in a SOC.
The current state of my research focuses around the NIST SP 800-61r2 and some SANS papers. I did not find anything detailed about
root cause analysis on incidents (e.g. 5 Why's or Ishikawa-Diagram). To me, it seems to play a minor role in the information security industry.
Am I missing out on valuable papers about root cause analysis in the security industry or why is there so little information about the topic?
Dec 28th 2018
1 month ago