A
post-mortem (post-incident review) analyzes an incident after resolution — what happened, why, how it was detected, and how to prevent recurrence. Blameless culture produces better results.
Blameless post-mortem: focus on systems and processes, not individuals. Outputs: root cause analysis, detection gap findings, control recommendations, policy updates, training needs. Track improvement actions to completion. Share key findings across the security team — institutional learning prevents repeat incidents.