The last part of the incident response plan is reporting the
incident. The security team should take notes as the response is
happening and report all issues to organizations such as local and
federal authorities or multi-vendor software vulnerability portals,
such as the Common Vulnerabilities and Exposures site (CVE) at
https://cve.mitre.org/. Depending on the type of legal
counsel an enterprise employs, a post-mortem analysis may be
required. Even if it is not a functional requirement to a
compromise analysis, a post-mortem can prove invaluable in helping
to learn how a cracker thinks and how the systems are structured so
that future compromises can be prevented.
