What is the main purpose of conducting a post-incident review after a cybersecurity incident?
Think about learning from the incident to improve security.
The post-incident review aims to understand the incident fully and improve defenses to prevent recurrence, not to assign blame or skip analysis.
Which of the following is NOT typically a key component of a post-incident review?
Focus on components directly related to the incident and security.
A detailed financial audit is not usually part of a post-incident review, which focuses on understanding and improving security after the incident.
During a post-incident review, the team finds that the incident response took longer than expected due to unclear communication channels. What is the best recommendation to improve future responses?
Think about how communication can be improved systematically.
Clear communication protocols and defined roles help teams respond faster and more effectively during incidents.
Which statement best describes the difference between a post-incident review and root cause analysis in cybersecurity?
Consider the scope and focus of each process.
The post-incident review covers the entire incident and what can be learned, while root cause analysis digs deep into the specific cause of the problem.
A company conducted a post-incident review after a data breach. They identified the breach was caused by a phishing attack and recommended employee training and improved email filtering. Six months later, a similar breach occurred. What is the most likely reason the post-incident review recommendations failed?
Think about the difference between recommendations and actual actions taken.
Recommendations only help if they are properly implemented. Failure to act on them often leads to repeated incidents.