A company experienced a security breach that its incident-response team quickly contained. To strengthen future responses, the team wants to measure how well the incident was handled. What is the BEST method to evaluate the efficiency of the response?
An after-action report (also called a lessons-learned or post-incident review) systematically documents what happened, compares expected versus actual outcomes, and identifies strengths and gaps in the response process. This retrospective analysis is specifically intended to measure incident-handling effectiveness and drive process improvements. Vulnerability scans and penetration tests are proactive security assessments performed before an incident; continuous monitoring tracks the environment in real time rather than evaluating a past event.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are after-action reports and how are they created?
Open an interactive chat with Bash
Why are vulnerability scans insufficient for assessing incident response?
Open an interactive chat with Bash
What is the importance of performance evaluation in incident response?