Lessons learned activities should produce a set of objective and subjective data regarding each incident, which can help organizations budget information security funding more efficiently. What is NOT a typical metric for incident-related data:
a. Number of Incidents Handled per month.
b. Number of Log Entries Analyzed per Incident.
c. Time Spent on Investigation Per Incident.
d. Objective Assessment of Each Incident Response actions Effectiveness.