A newly hired Chief Security Officer (CSO) is reviewing the company’s IRP and notices the procedures for zero-day malware attacks are being poorly executed, resulting in the CSIRT failing to address and coordinate malware removal from the system.
Which of the following phases would BEST address these shortcomings?
A . Identification
B . Lessons learned
C . Recovery
D . Preparation
E . Eradication
Answer: B