updated, and new staff trained or brought into the response
            teams.

            The plan should be reviewed by the incident response teams
            regularly, and the team may execute a tabletop exercise where
            they will step through the plan together as if they are responding
            to a real incident. Team members with specialized skills should
            practice their use of tools and ensure that they are prepared to
            deal with a real situation competently and professionally.



            Feedback
            Every incident is a learning opportunity. The organization must
            use the details of the incident to improve their processes,
            incident response capability, and train their team members. All
            team members and affected departments should be involved in
            the feedback process. The input of each participant should be
            encouraged, and efforts should be made to avoid finding blame
            or criticizing other participants. All lessons learned should be
            documented, and an action plan to address those items should be
            created.



            Reassess Risk
            An incident is the result of an unmitigated risk, and the incident
            management team needs to ensure that they have found the root
            cause of the incident, not just the symptoms. This analysis will
            lead to a reassessment of the risk and vulnerabilities of the
            organization and the evaluation of the effectiveness of the
            controls that are in place. Adjusting controls, patching and
            hardening systems, reviewing procedures, and planning for the