According to NIST.SP800-61 r2, which of the following is NOT a question to ask during post mortem?
- Exactly what happened and at what time?
- How could information sharing with other organizations be improved?
- Whose fault was the attack?
- Were any steps or actions taken that might have inhibited the recovery?
Blame placing is not port o the post mortem.