Educause Security Discussion mailing list archives
Incident response lessons learned/after-action report
From: Peter Lundstedt <peter.lundstedt () DRAKE EDU>
Date: Thu, 17 Mar 2016 16:20:22 +0000
Hello all, Drake University is performing updates to incident response plans and one section with an elevated focus is a lessons learned/after-action report or agenda that can be used to track any remaining remediation items, give a high-level incident summary if warranted, and show stakeholders any outcomes. I've had a difficult time finding relevant templates and documents compared to other pieces of the IR plan, especially information security and risk-specific documents (most seem to default towards project management). Would anyone willing please point me towards a resource they've found value in, or share any documents that they've used successfully? Thank you, Peter Lundstedt | Information Security Manager Information Technology Services (ITS) | Drake University E peter.lundstedt () drake edu<mailto:peter.lundstedt () drake edu>
Current thread:
- Incident response lessons learned/after-action report Peter Lundstedt (Mar 17)