Problem Analysis

Problem analysis is the thorough understanding and delineation of a problem before seeking solutions. In the context of security, "the problem" can range from a security incident (e.g., "unauthorized access to sensitive data"), to a compliance challenge (e.g., "the organization isn't meeting GDPR requirements"), or a client request ("we need to secure our cloud infrastructure against emerging threats").

This skill is important because a misunderstood security problem can lead to the wrong solution – you don't want to invest resources in securing against the wrong threats or implementing controls that don't address the actual risks.

Starting Points

• Problem analysis (ICT Research Methods)
• Problem Analysis (Taalwinkel HvA)

Key Points

• You formulate a clear problem statement in your own words, indicating who experiences the problem and what the problem exactly is. This also includes the scope: what falls within and outside the problem.
• You show which questions were asked and which techniques were used to analyze the problem.
• You demonstrate an investigative attitude by making assumptions explicit and validating them.