In this video, Jenna Garbett, senior incident response consultant at Unit 42®, highlights the importance of the "lessons learned" phase in the Incident Response (IR) lifecycle. She emphasizes its role in identifying necessary adjustments to an organization's security program or processes post-incident.
This phase involves a comprehensive review of the incident, assessing the effectiveness of the IR plan and processes, what worked, what didn't, and any potential areas for improvement. Understanding how the threat actor gained access and their actions within the system is crucial for hardening the organization's security approach.
Jenna discusses several key topics to evaluate during this phase, including the efficacy of the IR plan, potential lapses in response, stakeholder notification, documentation, available tools and data sources, and relationship management for IR support.
She further underscores the value of reflecting on incidents, analyzing successes and shortcomings, and engaging in dialogue with executives and key stakeholders to strengthen IR plans and enhance resilience against evolving threats. This is a must-watch video for organizations looking to learn from their past to fortify future security measures.