Skip to content
Log in

Action item

Definition

A specific, time-bound improvement task generated by a post-incident finding. An action item has a named owner, a target completion date, a measurable outcome, and a tracking record in a ticketing system. An action item is not a recommendation in a report; it is a work item assigned to a person.

Related terms

Blameless post-mortem
A cultural approach to post-incident review, popularised in site reliability engineering, in which the analysis focuses on systemic and process failures rather...
Lessons-learned register
A persistent record, maintained by the security programme, that links each post-incident action item to the originating incident, tracks its status, and...
Post-incident activity
The NIST SP 800-61 label for the final phase of the incident response lifecycle. It encompasses evidence retention, lessons-learned meetings, and the...
Root-cause analysis (RCA)
A structured method for identifying the underlying systemic cause of a failure rather than its immediate trigger. Common techniques in incident review...
Timeline reconstruction
The process of ordering digital events from multiple sources into a single chronological account. Requires normalising all timestamps to a common reference...

Explained in

  • Post-Incident Review and Lessons LearnedA specific, time-bound improvement task generated by a post-incident finding. An action item has a named owner, a target completion date, a measurable outcome,...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account