
Lessons-learned register

Definition

A persistent record, maintained by the security programme, that links each post-incident action item to the originating incident, tracks its status, and records the evidence of completion. The register is the mechanism by which the IR programme accumulates institutional knowledge over time.

Related terms

Action item
A specific, time-bound improvement task generated by a post-incident finding. An action item has a named owner, a target completion date, a...
Blameless post-mortem
A cultural approach to post-incident review, popularised in site reliability engineering, in which the analysis focuses on systemic and process failures rather...
Post-incident activity
The NIST SP 800-61 label for the final phase of the incident response lifecycle. It encompasses evidence retention, lessons-learned meetings, and the...
Root-cause analysis (RCA)
A structured method for identifying the underlying systemic cause of a failure rather than its immediate trigger. Common techniques in incident review...
Timeline reconstruction
The process of ordering digital events from multiple sources into a single chronological account. Requires normalising all timestamps to a common reference...

Explained in

  • Post-Incident Review and Lessons Learned
