LOGBOOK

HELP

Quiz Entry - updated: 2026.06.20

When is an incident considered successfully resolved, and what should happen afterwards in the Lessons Learned step?

An incident is resolved when the response objectives are met (e.g. operations restored) AND the source and root cause are identified; afterwards, hold a debriefing with everyone involved.

Both conditions must hold — restoring operations is not enough if you still don't know how the attacker got in. The follow-up debriefing/Nachbesprechung with all involved people works through three core questions: What happened? What did we learn? How can we do better next time? The resulting insights should feed back into the organisation's Incident Management Policy (IMP) and Incident Response Plan (IRP) so the whole cycle improves.

From Quiz: ISM / Security Incident Management | Updated: Jun 20, 2026