From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Unlock the full course today

Join today to access over 22,400 courses taught by industry experts or purchase this course individually.

Post-incident activities

Post-incident activities

From the course: CompTIA Security+ (SY0-601) Cert Prep: 9 Operations and Incident Response

Start my 1-month free trial

Post-incident activities

- [Instructor] Once the incident response team returns the organization to a normal operating state, avoid the temptation to end the response effort without completing an important final step, post-incident activities. Let's talk about three important post-incident activities. The lessons learned process, evidence retention, and the generation of indicators of compromise. The lessons learned process is designed to provide everyone involved in the incident response effort an opportunity to reflect on their individual role in the incident and the team's response overall. The lessons learned process provides an opportunity to improve the processes and technologies used in incident response to better respond to future security crises. And the most common way to conduct a lessons learned session is to gather everyone in the same room, or connect them by video conference or telephone and ask a trained facilitator to lead a…

Contents