Question

Following the successful response to a data-leakage incident, the incident team lead facilitates an exercise that focuses on continuous improvement of the organization's incident response capabilities.

Which of the following activities has the incident team lead executed?

A. Lessons learned review
B. Root cause analysis
C. Incident audit
D. Corrective action exercise

Answer 1

The incident team lead facilitated a Lessons Learned Review, which aims to improve future incident response by gathering stakeholder feedback and information from various sources.

Step-by-step explanation:

The activity executed by the incident team lead following the data-leakage incident, which focuses on continuous improvement of the organization's incident response capabilities, is known as a Lessons Learned Review. This process is crucial as it involves the gathering of information from customers and other stakeholders, reviewing the incident comprehensively, and finding expert information to better prepare for future events. Unlike a Root Cause Analysis, which identifies the fundamental problem, or an Incident Audit, which may assess compliance with standards, a Lessons Learned Review aims to capture all aspects of the incident to facilitate organizational learning and improve processes.