Post-incident review with all stakeholders - Update security controls, monitoring rules, or procedures - Update the incident response plan itself