Incident response lessons learned/after-action report

[Peter Lundstedt <peter.lundstedt () DRAKE EDU>]

Hello all,

Drake University is performing updates to incident response plans and one section with an elevated focus is a lessons 
learned/after-action report or agenda that can be used to track any remaining remediation items, give a high-level 
incident summary if warranted, and show stakeholders any outcomes.

I've had a difficult time finding relevant templates and documents compared to other pieces of the IR plan, especially 
information security and risk-specific documents (most seem to default towards project management).  Would anyone 
willing please point me towards a resource they've found value in, or share any documents that they've used 
successfully?

Thank you,

Peter Lundstedt | Information Security Manager
Information Technology Services (ITS) | Drake University

E  peter.lundstedt () drake edu<mailto:peter.lundstedt () drake edu>