5.1 Given a scenario, apply the best practice methodology to resolve problems.

  • Always consider corporate policies, procedures, and impacts before implementing changes
  • Identify the problem
    • Gather information from the user, identify user changes, and, if applicable, perform backups before making changes
    • Inquire regarding environmental or infrastructure changes
  • Establish a theory of probable cause (question the obvious)
    • If necessary, conduct external or internal research based on symptoms
  • Test the theory to determine the cause
    • Once the theory is confirmed, determine the next steps to resolve the problem
    • If the theory is not confirmed, establish a new theory or escalate
  • Establish a plan of action to resolve the problem and implement the solution
    • Refer to the vendor’s instructions for guidance
  • Verify full system functionality and, if applicable, implement preventive measures
  • Document findings, actions, and outcomes

Problem Solving Process

We should always follow the policy of the customer or the employer unless it is illegal or immoral.

You should remember that policies are created by people with experience.  You must respect their decisions and their judgement.  If you don’t agree with the policy, you have the option to bring it up with management. 

If you see something illegal, you have the option to report it to law enforcement.  You should not leak information to the media or take matters into your own hands.

Consider the impact of your actions on the business and the users before making any changes.

Step 1: Identify the problem

Ask the user if they made any changes.  Users will forget.  Users will lie.  Users will assume that some changes they made didn’t cause the problem and neglect to mention them.  Remember that most users are not computer experts.  Don’t be judgemental.

Check if there have been environmental/infrastructure changes. 

  • For example, a site-wide network upgrade, or a rollout of a software update that has created undesired effects.  In larger organizations, networks, storage, servers, and other infrastructure may be managed by separate teams, who don’t necessarily communicate with each other when they should.

  • Check the system logs, event viewer, etc. on the affected devices

Step 2: Come up with a theory for what caused the issue and perform some research if necessary

Good sources of information include:

  • Online sites such as Stack Overflow, Spiceworks, Experts Exchange, Reddit

  • Other professionals

  • Manufacturer websites

Step 3: Test the theory

  • Determine if the theory is the cause of the problem

  • Determine the steps required to solve the problem

  • If the theory is not the correct cause of the problem, find a new theory

Step 4: Take Action

  • Get permission to take action

  • Execute the plan to resolve the problem

  • Step 4 and Step 5 can be combined

Step 5: Verify Functionality

  • Confirm that the system is operational

  • Confirm that the measures you took to correct the problem did not create additional problems

  • Implement preventative measures

    • Educate the user about the cause of the problem
    • Educate other users and teams so that they understand the cause of the problem and the solutions.  This will help them take corrective action in the future.
    • Make corrective actions/settings permanent
    • Add restrictions or warning signs to the systems

Step 6: Document Findings

  • It is important to document the findings so that others can learn

  • It is good to share knowledge with co-workers and with the community

  • If you discover a security flaw, you should share it to prevent others from being harmed