The Phoenix Checklist

Like attack trees, The Phoenix Checklist has its origins in national security and was developed by the CIA. It's a straightforward, sequential approach to problem-solving, and like many of the others I particularly favour it's generally applicable to any type of problem.

When to Use It

Unlike many other problem-solving approaches, the checklist does not rely on having a clear definition of the problem to start with - refining the problem is part of the process.

As such, it's a great one to use when the problem is still vague. It's procedural nature also makes it suitable for use by an individual as well as small groups, and its use is well-documented so it's good to use with people new to problem-solving tools.

It isn't a fast process, and is very much in-depth. It's best to use when you or the people you're working with have deep understanding and expertise in the problem domain.

How It Works

The checklist consists of just under 50 questions (depending how you break them up and define a question, 44-49). The approach with these is straightforward - once you know the problem you are trying to solve go through the questions one at a time, consider them carefully, spend some time pondering, and answer them before moving onto the next.

Rather than write them out here in full, there's a download here which has all of the questions available which you can print as a guide.

Broadly you can break down the questions into two categories - defining/refining the problem and planning the solution. The switchover point is a great time to go, get a coffee, and clear your head if you're developing a headache.

Alternatively if you find the blog useful and want to support it, and/or want something a little sturdier, you can buy a poster version from Security Blend Books.