In which of the following steps of incident response does a team analyze the incident and determine steps to
prevent a future occurrence?
A.
Mitigation
B.
Identification
C.
Preparation
D.
Lessons learned
Explanation:
Incident response procedures involve in chronological order: Preparation; Incident identification; Escalation and
notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution procedures; First responder;
Incident isolation (Quarantine; Device removal); Data breach; Damage and loss control. Thus, lessons are only
learned after the mitigation occurred. For only then can you ‘step back’ and analyze the incident to prevent the
same occurrence in the future.