18.6. Prepare a Postmortem

The final step in the process of handling a security incident is preparing a postmortem. A postmortem should be a short report, no more than two or three pages, that details the attack and the steps taken to resolve the security hole that was exploited.

For serious security incidents, a postmortem should be presented to the senior officers of the company, as an explanation of what occurred, and what steps are being taken to prevent it from recurring. The senior company officials should sign off on the postmortem before it is distributed to other employees in the company.

A postmortem can be used as the basis for other documents, such as a press statement if the attack was particularly high profile, and it can be the ...
