The lessons learned process is designed to provide everyone involved in the incident response effort an opportunity to reflect on their individual role in the incident and the team's response overall. It is an opportunity to improve the processes and technologies used in incident response to better respond to future security crises.
- [Instructor] Once the incident response team…returns the organization to a normal operating state,…all too often the response effort ends without completing…an important final step, conducting a…lessons learned session and writing up the results…in an incident report.…The lessons learned process is designed to provide…everyone involved in the incident response effort…an opportunity to reflect on their individual role…in the incident and the team's response overall.…It's an opportunity to improve the processes…and technologies used in incident response…to better respond to future security crises.…
The most common way to conduct lessons learned…is to gather everyone in the same room or connect them…via teleconference or video conference and ask…a trained facilitator to lead a lessons learned session.…Ideally this facilitator should have played no role…in the incident response, leaving him or her…with no preconceived notions about the response.…The facilitator should be a neutral party…who simply helps guide the conversation.…
Author
Released
4/30/2018Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Conducting investigations
- Forensics
- Reporting and documenting incidents
- Continuous security monitoring
- Preventing data loss and theft
- Asset management
- Change management
- Virtualization security
- Security principles: need to know, separation of duties, and more
- Building an incident response program
- Personnel safety and emergency management
Skill Level Intermediate
Duration
Views
Related Courses
-
Insights from a Cybersecurity Professional
with Mike Chapple32m 15s Intermediate
-
Introduction
-
Welcome2m 43s
-
-
1. Investigations and Forensics
-
Evidence types3m 51s
-
System and file forensics4m 17s
-
Network forensics4m 19s
-
Software forensics2m 52s
-
Embedded device forensics2m 50s
-
Chain of custody2m 13s
-
2. Logging and Monitoring
-
Data loss prevention6m 34s
-
3. Resource Security
-
Physical asset management3m 12s
-
Virtualization4m 20s
-
Virtualization security6m 20s
-
Cloud computing models3m 44s
-
Public cloud tiers5m 35s
-
-
4. Security Principles
-
5. Incident Management
-
Incident identification4m 2s
-
Escalation and notification2m 42s
-
Mitigation2m 46s
-
Recovery and reconstitution2m 20s
-
6. Personnel Safety
-
Employee safety2m 26s
-
Emergency management2m 14s
-
-
Conclusion
-
What's next?43s
-
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.
CancelTake notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: Lessons learned and reporting