Explore the lessons learned process, which is designed to provide everyone involved in the incident response effort with an opportunity to reflect on their roles in the incident. Learn how this opportunity helps improve the processes and technologies used in incident response to better respond to future security crises.
- [Narrator] Once the incident response team…returns the organization to a normal operating state,…all too often the response effort ends…without completing an important final step:…conducting a lessons learned session…and writing up the results in an incident report.…The lessons learned process is designed to provide…everyone involved in the incident response effort…an opportunity to reflect on their individual role…in the incident, and the team's response overall.…It's an opportunity to improve the processes…and technologies used in incident response…to better respond to future security crises.…
The most common way to conduct lessons learned…is to gather everyone in the same room…or connect them via teleconference or video conference…and ask a trained facilitator to lead…a lessons learned session.…Ideally, this facilitator should have played no role…in the incident response,…leaving him or her with no preconceived notions…about the response.…The facilitator should be a neutral party…who simply helps guide the conversation.…
- Building an incident response program
- Escalation and notification
- eDiscovery process
- Conducting investigations
- System and file forensics
- Reporting and documenting incidents
- Business continuity planning
- Validating backups
- Testing BC/DR plans
Skill Level Intermediate
Q: This course was updated on 06/01/2018. What changed?
A: We updated three videos, covering creating an incident response program, communications plan, and response team.
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Intermediate
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
1. Incident Management
2. Investigations and Forensics
3. Business Continuity
4. Disaster Recovery
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.