After a recent security breach, the incident response team of a financial institution is tasked with conducting a post-incident review. What is the PRIMARY purpose of discussing and documenting the lessons learned?
To ensure there is a record of the chain of custody for the evidence gathered during the incident response.
To perform a root cause analysis identifying all the vulnerabilities exploited during the incident.
To improve the incident response process for future occurrences by analyzing the strengths and weaknesses of the response.
To gather and preserve legal and technical evidence for potential prosecution of the perpetrators.