Fault Tree Analysis Methodology

Business Continuity Disaster Recovery planning is served by analysis of system vulnerabilities to discern methods for safeguarding critical support systems and information technology operations. The analysis identifies points of failure that may result in interruptions of critical IT and infrastructure systems.

Fault Tree Analysis is the ‘best practice’ for discerning and prioritizing the risks associated with a system’s points of failure. Prioritization is required since resources and time to mitigate failure points are limited and insufficient, respectively.

A Fault Tree Analysis allows for the calculation of a system’s risk. The risk calculation is summarized as a Failure Contribution Ranking. The Ranking is used to focus appropriate effort towards mitigating the risks to the system.


Fault Tree Analysis

  • Formulate and deliver the set of system vulnerabilities as a ‘Fault Tree’.
  • Perform Fault Tree Analysis of IT system’s components to document their contributions to overall or partial failure of the subject system. This includes SME interviews and facilitated working sessions.

Circuit Diagrams

  • Circuit Diagrams provide a graphical view of the qualitative aspects of the system, such as redundancies and single points of failure. The fault tree is simplified into a Circuit Diagram to facilitate ad hoc presentation to Leadership and discussion of approach and results.
    • Formulate and deliver the set of system vulnerabilities as Circuit Diagrams.
    • Interpret the Circuit Diagram to assist Leadership in re-directing the analysis effort according to new information.

Minimal Cut Set

  • A Cut Set is a list of component failures that would result in system failure; it is minimal if it doesn't contain any unnecessary failures. The central result of Fault Tree Analysis is the determination of the Minimal Cut Set.
    • Formulate and deliver the set of system vulnerabilities as Minimal Cut Set diagrams.
    • Report to Leadership on the Minimal Cut Set.

Failure Modes Contribution Ranking

  • In a security context, sorting the cut sets by costs and probabilities allows Leadership to focus on the high-impact points of failure to which the system is most easily vulnerable. The Failure Modes Contribution Ranking (FMR) calculations reveal the individual modes’ comparative contribution to overall system failure.
    • Formulate and deliver the set of system vulnerabilities as a Failure Modes Contribution Ranking.
    • Report to Leadership on the Failure Modes Contribution Ranking.

Mitigation Procedures

  • A system is robust to the degree that it can resist or recover from failures. Therefore, the failure analysis should be followed by the development of mitigation procedures that address the maximum risks of system failure. The steps for determining mitigating processes and procedures generally fall under Business Process Architecture and should be a subject of appropriate project management.