-
Featured services
Think beyond the robots
The successful integration of AI and IoT in manufacturing will depend on effective change management, upskilling and rethinking business models.
Read the blog -
Services
Leverage our capabilities to accelerate your business transformation.
-
Services
Network Services
-
Services
Cloud
-
Services
Consulting
-
-
Services
Data and Artificial Intelligence
- AI and Intelligent Solutions
- Data/AI Strategy and Program
- Data Engineering and Platforms
- Data Governance and Management
- Data Visualization and Business Decision
- GenAI Consulting
- GenAI Platforms
- GenAI Industry Services
- GenAI Infrastructure Services
- GenAI Value Transformation
- View Data and Artificial Intelligence
-
Services
Technology Solutions
-
Services
Global Data Centers
-
Services
CX and Digital Products
-
Services
Application Services
-
Services
Sustainability Services
-
Services
Digital Workplace
-
Services
Business Process Services
-
Services
Generative AI
-
Services
Cybersecurity
-
Services
Enterprise Application Platforms
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
-
Insights
Recent Insights
-
The Future of Networking in 2025 and Beyond
-
Using the cloud to cut costs needs the right approach
When organizations focus on transformation, a move to the cloud can deliver cost savings – but they often need expert advice to help them along their journey
-
Make zero trust security work for your organization
Make zero trust security work for your organization across hybrid work environments.
-
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
-
Master your GenAI destiny
We’ll help you navigate the complexities and opportunities of GenAI.
Explore GenAI -
Discover how we accelerate your business transformation
-
About us
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
-
CLIENT STORIES
-
Liantis
Over time, Liantis – an established HR company in Belgium – had built up data islands and isolated solutions as part of their legacy system.
-
Randstad
We ensured that Randstad’s migration to Genesys Cloud CX had no impact on availability, ensuring an exceptional user experience for clients and talent.
-
Everest Group PEAK Matrix® Assessment
NTT DATA is a Leader and Star Performer in the Everest Group Sustainability Enablement Technology Services PEAK Matrix® Assessment 2024.
Get the Everest report -
- Careers
Incident response and the importance of lessons learned
25 February 2020

Topics in this article
Responding to a computer security incident can be stressful and hectic for the personnel involved and, depending on the nature and scope of the incident, some responses are more stressful than others.
Restoring services and returning to normal operations is obviously important, but the incident response process doesn’t end there. It’s fair to assume that most organizations will view the mitigation and eradication stages as priorities, but containing and stopping the incident doesn’t fully bring the response to a conclusion.
It’s important to follow through with documenting the incident and the response as well as identifying any gaps and areas for improvement to further solidify your security posture.
The stages of incident response
There’s more than one methodology concerning the stages of an incident response. One lists seven stages ending with what’s labelled as ‘Follow-Up’. Another’s broken into four stages and ends with a stage termed as ‘Post-Incident Activity’. A third also contains seven stages and ends with what is referred to as ‘Lessons Learned’. Others may contain five stages, but they will all end with a stage for identifying gaps and for documenting the overall incident and response. No matter the name, this stage should include important questions for all personnel involved as well as proper reporting. We find that some organizations may be omitting this final stage and reasons for this may include the false belief that the response is over or the need to return to other tasks.
Lessons Learned is a critical part of incident response
The Lessons Learned stage
So what questions are asked at this concluding stage? Examples can include:
- Was our organization sufficiently prepared?
- Was the incident reported or detected in a timely manner?
- Did the incident response team communicate effectively, both internally and with external partners?
- How can our organization improve our response to become more efficient to future incidents?
- Were there any gaps identified in the incident response plan or runbooks?
- Were there any technical gaps identified for the incident response team?
- What was the financial impact on our organization?
- How can we reduce the risk of experiencing further incidents?
The Lessons Learned stage is a time to question how, and why, the incident occurred and what can be done to reduce the risk of future incidents. It’s during this stage that questions should be posed on whether security tools are properly implemented and if policies and procedures are meeting the needs of the organization.
It’s at this stage that the organization’s incident response plan should be reviewed for any updates or modifications that have been identified. It’s essential this plan is updated to remain current. It’s also essential that all declared incidents are properly documented in a report. This will aid both in terms of complying with any reporting requirements as well as having a written record that may be referred to when responding to future incidents.
This report should conclude with a ‘Recommendations’ section that details areas of improvement for review by management. These recommendations can include updating existing polices, generating new policies and implementing additional security controls.
Analysing incident response is critical to continual improvement
Maintaining security as a priority
In conclusion, the Lessons Learned stage allows an organization to review information that can increase the efficiency and effectiveness of the incident response team’s overall response as well as improve the organization’s overall security. A security conscious organization is one that maintains security as a priority and is constantly exploring ways to improve. The Lessons Learned stage is a vital area that allows this to occur. Identifying gaps allows an organization to correct issues and/or strengthen its security. Being prepared may reduce the risk of an organization suffering future incidents. Again, eradicating the incident and returning to normal operations is not the end of a thorough and complete incident response.