Post-Incident Activity

Post-incident activity is an important part of the response plan and should not be skipped. After any incident, large or small, it is recommended to meet with relevant stakeholders and discuss the elements that worked well and examine those that did not work. This kind of “lessons learned” analysis can help your organization improve processes over time and ensure that future incidents are handled more efficiently and thereby minimize potential impact. Your analysis should also include technological controls being used to help detect and protect the infrastructure. Analyzing effectiveness of your technology can clarify any needed architectural modifications, divestment, or new investments in security technologies can keep the security maturity model evolving. Each organization is different, and the recommendations presented in this document are general in their nature. In all cases of a potential incident where your organization requires assistance, please contact your incident response team or service provider