Conducting a Security Incident Postmortem
Because of the iterative nature of security, you need to ensure that your response team and organization learn from any incident that occurs, and you must incorporate those lessons into future protective measures and their supporting processes. Following each security issue, you should hold a debriefing session. In that session, all the participants and key stakeholders should discuss the specifics of the incident, including the following:
What went right
What could have gone more smoothly
Measures that could have prevented the incident
What the organization needs to do to ensure that this type of incident is not repeated
How much the security incident has cost the organization
During the postmortem review, ...