Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?

Which of the following is the best action to take after the conclusion of a security incident to improve incident response in the future?
A . Develop a call tree to inform impacted users
B . Schedule a review with all teams to discuss what occurred
C . Create an executive summary to update company leadership
D . Review regulatory compliance with public relations for official notification

View Answer

Answer: B

Explanation:

One of the best actions to take after the conclusion of a security incident to improve incident response in the future is to schedule a review with all teams to discuss what occurred, what went well, what went wrong, and what can be improved. This review is also known as a lessons learned session or an after-action report. The purpose of this review is to identify the root causes of the incident, evaluate the effectiveness of the incident response process, document any gaps or weaknesses in the security controls, and recommend corrective actions or preventive measures for future incidents.

Reference: https://www.eccouncil.org/cybersecurity-exchange/threat-intelligence/cyber-kill-chain-seven-steps-cyberattack/