Cyber Incident Analysis
Tram C reveals not only the technical failures behind a cyber incident, but the organisational, cultural and managerial conditions that made them possible — giving your organisation the complete picture needed to prevent recurrence.
Tram C is designed for organisations where a thorough understanding of cyber incidents is not optional.
Your systems are back online. But do you know why it happened — and how to prevent the next one? A technical post-mortem stops at the infrastructure layer. Tram C surfaces the organisational decisions and cultural conditions that enabled the attack to succeed.
The NIS-2 directive requires organisations to implement structured methods for deep analysis of cyber incidents. Tram C provides the validated methodology to meet that obligation — and the structured reports to demonstrate compliance to supervisory authorities.
When reviewing an organisation's response to a cyber incident, you need a clear standard against which to assess depth and quality of the analysis. Tram C provides that framework, covering technical, ICT, organisational and external causal dimensions in a structured, auditable form.
Most post-incident analyses focus exclusively on the technical chain of events: what system failed, what vulnerability was exploited, what the attacker did. These findings matter — but they explain only part of the story.
The conditions that allowed the attack to succeed — insufficient security investment, organisational silos, outdated governance, a culture where risk warnings go unheeded — are rarely surfaced. Without addressing these root causes, the next incident is a matter of when, not if.
A validated, academically-grounded method for comprehensive cyber incident analysis, developed through iterative real-world application at major telecommunications operators.
Every incident is mapped across four layers: External conditions, Organisational decisions, ICT systems, and Physical/Actor events — revealing the complete causal chain from boardroom to breach.
Tram C analyses both how the incident developed and how the crisis was managed. Each phase exposes different organisational strengths and weaknesses — both are equally important for resilience.
Tram C explicitly models positive feedback loops — the cascade dynamics that amplify incidents into full outages — and identifies exactly where they can be interrupted to limit future damage.
Recommendations are clustered by organisational capability and ranked using a five-level maturity model — so leadership knows exactly where to invest first for maximum resilience gain.
The analysis begins with an objective technical reconstruction — establishing shared facts before examining human and organisational factors. This creates the constructive atmosphere needed for honest, complete findings.
Developed through iterative real-world case studies and published in peer-reviewed journals. Tram C extends AcciMap — the most widely cited systemic accident analysis method in international academic literature.
Review available documentation and brief the organisation on the analysis process, ensuring the right experts are available and the collaboration runs smoothly.
Establish an objective, factual account of the technical sequence — without assigning blame — creating a shared foundation for the full analysis.
Systematically document the direct and indirect consequences of the incident — for services, the organisation, and stakeholders. This provides the basis for understanding severity and evaluating crisis management.
Systematically map all contributing causes across four analytical layers: external conditions, organisational decisions, ICT systems, and physical/actor events.
Connect the identified causes in a causal diagram, identify and fill missing links, and map cascade dynamics — the positive feedback loops that amplified the incident.
Formulate recommendations in collaboration with workshop participants based on the verified causal diagram, then prioritise them using an organisational maturity model so management knows exactly where to invest first.
From building internal capability to independent investigation and ongoing improvement — Australius supports you at every stage of the incident analysis cycle.
Structured training programmes that equip your teams with the Tram C methodology. We train both technical and non-technical staff, enabling your organisation to build independent capability for thorough incident analyses.
Expert-led incident analysis using the Tram C method. We work with your subject matter experts to produce a comprehensive causal map, a full set of prioritised recommendations, and a report suitable for board and regulatory use.
Turning the output of an analysis into concrete, sustained organisational change. We help you develop an implementation roadmap, prioritise investments, and translate recommendations into measurable actions with clear ownership.
After improvements have been implemented, we assess whether the intended resilience gains have been achieved — providing your board and supervisory authorities with independent, evidence-based assurance.
Whether you have recently experienced an incident, are implementing NIS-2 compliance measures, or need an independent analysis framework — we would like to hear from you.
Complete the form and we will be in touch within two business days.
Australius is based in Groningen and works with organisations across the Netherlands and beyond.
info@australius.nl