CompTIA CySA+ CS0-003 Practice Question
After resolving a security incident, what is the primary focus during the 'lessons learned' phase?
Conducting a post-incident review to identify areas for improvement in the incident response process
Updating security controls based on the incident
Collecting evidence for potential legal actions related to the incident
Notifying stakeholders about the resolution of the incident