I l @ ve RuBoard |
Possibly the most important step following a security incident (and certainly one of the least done) is the process of writing the security incident postmortem. Postmortem follow-up requires documentation of the incident as well as reports for specific audiences, such as management and emergency response teams . These reports will be used to adjust the level of security that is implemented. This report is crucial for bringing all the issues together. It is a chance to review the incident calmly, after the crisis has subsided, bringing together the views and insights from all parties involved to create a single, consistent description of the incident for all those who have a need to know. This report is needed if any follow-up actions are going to be taken against the perpetrator. If the actions are warranted, this report will serve as the foundation of the prosecution . If the actions are disciplinary, management will need this report to determine the severity of the punishment . The report has three parts : the time line, the technical summary, and the managerial summary.
|
I l @ ve RuBoard |