This article provides additional information on how you can meet the requirement for the CAF control – D2.a Post-Incident Analysis.
Reviewing Incidents and Near Misses
- Organisations should conduct post-incident analysis for all security incidents and near misses to fully understand their causes and implement appropriate corrective actions.
- As part of each review, teams should explore “what-if” scenarios to assess how the incident could have escalated and what additional mitigations may be required.
Recording Findings
- Findings from each post-incident review should be recorded in the organisation’s tracking system.
- Actions identified during the review should be documented and monitored to completion.
Driving Continuous Improvement
This structured approach ensures the organisation learns from every incident and continually strengthens overall resilience.