Identifying Control Failures
Understanding which controls failed helps prioritize improvements:
Control Failure Analysis Matrix:
| Control Layer | Expected Function | Actual Performance | Failure Mode |
|---|---|---|---|
| Email Gateway | Block malicious attachments | Allowed through | Signature not available |
| User Training | Recognize phishing | User clicked link | Training was 18 months old |
| Endpoint Protection | Detect malware execution | No alert generated | Definition outdated |
| Network Monitoring | Detect C2 traffic | Traffic observed but not alerted | SIEM rule too narrow |
| Backup System | Enable recovery | Backups encrypted | Same credentials used |
| Incident Response | Rapid containment | 6-hour response | On-call process unclear |