ABSTRACT
It is time to put the concepts you have been reading about into practice. The previous chapters gave you the foundation needed to understand the implications of decisions made during real security incidents. There are three cases presented in this chapter. I will present the first two cases in a story format as they happened. The third case recounts the details of a high-profile litigation. After each case, an after action report (aka a postmortem) will be presented. A postmortem is an exercise that a team performs to review a project with the goal that improvements will be made for the next project. Organizations that want to learn from their mistakes and continuously improve do this type of exercise after a challenging project. It is important to note that this is also a great exercise to do when a project is successful so that things that worked well are repeated. Since the presentation in this chapter is for illustrative purposes, the postmortems have been pared down a bit. If you are interested in learning the complete process to perform a postmortem, read “An Approach to Postmorta, Postparta and Post Project Reviews” by Norman Kerth.
