It's the Living I Fear': A Cybersecurity Post-Incident Review

Most incident response plans only address eradication and recovery in an effort to return the business to normal operations as quickly as possible. In the haste to close investigations and move on to the next issue, it’s easy to ignore the critical phase of post-incident review. Skipping this phase robs security teams of invaluable learning opportunities to identify technical and procedural gaps, improve team operations and communication, and increase visibility for leadership on where additional training and team development is needed to reduce future impact on the business.

This talk will introduce best practices for post-incident reviews, including how to unify stakeholders on desired outcomes, monitor for gaps in processes, and use metrics to reduce uncertainty and communicate effectively with business leaders.