← Cybersecurity Alphabet Soup

RCA

Root Cause Analysis

operationsmedium

RCA is the structured investigation done after an incident to identify the underlying cause, not just the visible symptoms. IR teams conduct RCA during post-incident review to answer why the breach was possible and what systemic fix prevents a repeat. It matters because patching one compromised server without fixing the root cause invites the same attack next month.

Sources

More in operations