12. Reflect upon the report and make recommendations based on the findings (AC 3.5)

Points I liked about the report It's concise, I find it easy to read, there's no technical jargon, it's organised into 6 sections making it easy to follow. Points I didn't like about the report There isn't enough data on the attack - how it happened, when it happened, and who's behind it. Integrity - The report mentions several time just how well equipped and well funded their IT department is. Yet despite all this the attack happened and it was quite a major incident. I don't think they take integrity very seriously and makes me question the rest of the report Rigour - The post mortem admits that insufficient MFA and weak passwords allowed attackers to penetrate much deeper than they should have. Which suggest a failure in enforcing rigorous security protocols. Discipline - It's difficult to comment on the discipline aspect of the post mortem as it doesn't mention anything discipline specific, but we can deduce that Synnovis doesn't have the best discipline. Recommendations: A visual representation of the event such as a timeline graph be a great addition, it would clearly show the events as they happened. What's missing and what needs to be added: A title at the top of the page, date, people working on the report (post-mortem coordinator, post-mortem committee), supporting data