DEFINING PARETO ANALYSIS
Pareto analysis is a problem-solving method developed in 1986 by Taguchi, a pioneer in the quality control movement, and adapted by the Business Information Security Program (BISP) for controlling security. Pareto analysis ranks the problems identified in cause-and-effect analysis in order of importance. The Pareto diagram is a simple bar chart that lists the frequencies of a problem's potential threats. For purposes of information process security, the place in the process with the most potential threats is also the most important problem and the first in order of priority to be secured.
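The ranking described above, as an added Python example that is not part of the original text: it counts potential threats per process step from cause-and-effect findings and orders the steps for a text Pareto diagram. The step names follow the mail scenario in the next section; the threat entries, the function names and the cumulative-percentage column are assumptions made for illustration.

```python
from collections import Counter

# Constructed cause-and-effect findings: (process step, potential threat).
# Step names follow the page's mail scenario; the threats are illustrative.
FINDINGS = [
    ("mailroom delivery", "mail left in unattended drop area"),
    ("mailroom delivery", "no log of items received"),
    ("sorting", "documents visible to all mailroom staff"),
    ("clerk pickup", "cart left unattended in hallway"),
    ("departmental mailbox", "open mailbox in shared area"),
    ("departmental mailbox", "no record of who retrieves mail"),
    ("departmental mailbox", "mail sits overnight"),
    ("departmental mailbox", "mailbox shared across job positions"),
    ("job task", "document left on desk"),
    ("job task", "data entry screen visible to visitors"),
    ("job task", "paper copy not shredded"),
]


def pareto_rank(findings):
    """Rank steps as [(step, threat_count, cumulative_pct)], highest count first.

    A (step, threat) pair reported more than once is counted once, so repeat
    reports do not inflate a step's priority. Ties keep first-seen order.
    """
    unique = list(dict.fromkeys(findings))
    counts = Counter(step for step, _ in unique)
    total = sum(counts.values())
    ranked, running = [], 0
    # sorted() is stable and Counter keeps insertion order, so ties stay first-seen.
    for step, n in sorted(counts.items(), key=lambda kv: -kv[1]):
        running += n
        ranked.append((step, n, round(100 * running / total, 1)))
    return ranked


def render(ranked):
    """Text form of the Pareto diagram: one bar per step, top priority first."""
    if not ranked:
        return ""
    width = max(len(step) for step, _, _ in ranked)
    return "\n".join(
        f"{step:<{width}} | {'#' * n} {n} ({cum}%)" for step, n, cum in ranked
    )


if __name__ == "__main__":
    print(render(pareto_rank(FINDINGS)))
```

With this constructed data the departmental mailbox has the most potential threats and is therefore the first step to secure.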
DESCRIBING PARETO ANALYSIS
Consider a document that arrives at a company by the U.S. mail. The document is (1) delivered to the company mailroom, (2) sorted, (3) picked up by a mail clerk, (4) delivered to a departmental mailbox, and (5) retrieved by an employee or delivered to some job position where one or more job tasks are performed on the document. Examples of such tasks may be entering information into a company database or verifying information on the document. Typically, several job positions may perform several job tasks involving either paper or digital processing of incoming financial and other applications and documents. In this brief scenario, there are at least four susceptible points where the identity of an employee or customer could be compromised: (1) from the incoming ...