Question

Your organization has responded to a security incident. The breach has been contained, and all systems have been recovered. What should you do last as part of the incident response?

a) Triage
b) Investigation
c) Post-mortem review
d) Analysis

Answer 1

The correct answer is c) Post-mortem review. This review involves analyzing the incident, identifying vulnerabilities, and implementing improvements to prevent future incidents.

Step-by-step explanation:

The correct answer is c) Post-mortem review. After a security incident, conducting a post-mortem review is the last step of the incident response process. This review involves analyzing the incident, identifying any vulnerabilities or weaknesses in the system or processes that allowed the breach to occur, and implementing improvements or corrective measures to prevent future incidents.

During the post-mortem review, all aspects of the incident are evaluated, including the response efforts, the effectiveness of the containment measures, and the overall impact on the organization. Gathering insights from the incident helps to build a more resilient and secure environment.

By conducting a thorough post-mortem review, organizations can learn from past incidents and make informed decisions to enhance their security posture and reduce the risk of future breaches.