In which of the following steps of incident response does a team analyse the incident and
determine steps to prevent a future occurrence?
A.
Mitigation
B.
Identification
C.
Preparation
D.
Lessons learned
Explanation:
Incident response procedures involves in chronological order: Preparation; Incident identification;
Escalation and notification; Mitigation steps; Lessons learned; Reporting; Recover/reconstitution
procedures; First responder; Incident isolation (Quarantine; Device removal); Data breach;
Damage and loss control. Thus lessons are only learned after the mitigation occurred. For only
then can you ‘step back’ and analyze the incident to prevent the same occurrence in future.