Security for Everyone≫Part IV: Maturing Your Security Strategy≫Learning From Incidents and Disasters≫

Holding a Post-Incident Review

From

editione1.0.0

Updated October 9, 2023

Security for Everyone

A post-incident review should be held after every incident, preferably within two weeks of the main event. This ensures that things are still fresh in people’s minds and that you don’t end up reviewing one incident while handling another.

Everyone involved with an incident should be included in the post-incident review. This may include representatives from external stakeholders and customers where appropriate. A high-level summary of lessons learned and changes made should be added to the customer view of the incident documentation.

Documenting Incidents and Disasters

All incidents should be documented. This documentation serves as a historical record of the incident and the activities resulting from it.

Documentation should contain at a minimum:

a timeline of events

You’re reading a preview of an online book. Buy it now for lifetime access to expert knowledge, including future updates.

If you found this post worthwhile, please share!

Related sections

How to Protect Your Information and Accounts

Getting Outside IT or Security Help

What Is Due Diligence?

Risk as the Foundation of Security Management

Compliance at Scale