
Information Security Management ResourceKit

A Public Service of SecureTheVillage


Lessons Learned

Following restoration of services, the IRT will determine the root cause of the incident and take appropriate steps to minimize the likelihood of the incident happening again.

  1. Determine how the event happened (in the case of a security incident, determine the source of the intrusion, e.g., email, inadequate training, attack through a firewall port, attack through an unneeded service, attack due to unpatched systems or applications)
  2. Assess the damage to the Organization and estimate both the damage cost (direct and indirect) and the cost of the containment efforts
  3. Identify, if appropriate, additional user training that might have prevented the incident
  4. Identify whether changes in policies or procedures might have prevented the incident
  5. Identify whether the availability of additional equipment or technologies might have prevented the incident
  6. Review the response to the incident. How could it be improved?
    1. Was the initial response timely?
    2. Were containment and restoration timely?
    3. Was the right documentation identified and collected?
    4. If law enforcement was involved, did it help or hinder the response? How could our relationship with law enforcement be improved?
    5. Were appropriate parties informed in a timely manner?
    6. Were the incident response procedures detailed and adequate to the situation? How could they be improved?
  7. What lessons have been learned from this experience, and how do we get them into the “corporate DNA”?

 

Contributed by Citadel Information Group
© Copyright 2017. Citadel Information Group. All Rights Reserved.

 
