security breach

The Art of the Post-Mortem

The Art of the Post-Mortem It has a bunch of names — the After-Action Review, the Critical Incident Review, the plain old Post-Mortem — but whatever you call it, it’s an absolute management best practice to follow when something has gone wrong. We just came out of one relating to last fall’s well document phishing attack, and boy was it productive and cathartic. In this case, our general takeaway was that our response went reasonably well, but we could have been more prepared or done more up front to prevent it from happening in the first place.  We derived some fantastic learnings from the Post-Mortem, and true to our culture, it was full of finger-pointing at oneself, not at others,…