The structure of a post-incident review was described in Chapter 9, but here we’ll look more closely at the output the exercise provides, as well as a procedural guide on how to conduct your own.
Sample Guide
This chapter presents a guide to help get you started. A downloadable version is available at http://postincidentreviews.com.
Begin by reflecting on your goals and noting the key metrics of the incident (time to acknowledge, time to recover, severity level, etc.) and the total time of each individual phase (detection, response, remediation).
Establish and Document the Timeline
Document the details of the following in chronological order, noting their impact on restoring service:
Date and time of detection
Date and time of service restoration
Incident number (optional)
Who was alerted first?
When was the incident acknowledged?
Who else was brought in to help, and at what time?
Who was the acting Incident Commander? (optional)
What tasks were performed, and at what time?
Which tasks made a positive impact to restoring service?
Which tasks made a negative impact to restoring service?
Which tasks made no impact to restoring service?
Who executed specific tasks?
What conversations were had?
What information was shared?
Plot Tasks and Impacts
Identifying the relationships between tasks, automation, and human interactions ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
