After a recent security breach, the incident response team of a financial institution is tasked with conducting a post-incident review. What is the PRIMARY purpose of discussing and documenting the lessons learned?
To gather and preserve legal and technical evidence for potential prosecution of the perpetrators.
To ensure there is a record of the chain of custody for the evidence gathered during the incident response.
To improve the incident response process for future occurrences by analyzing the strengths and weaknesses of the response.
To perform a root cause analysis identifying all the vulnerabilities exploited during the incident.