What is the investigation process called when a company addresses the issue after a data breach?

Prepare for the CertMaster CE Security+ Domain 4.0 Security Operations Exam with multiple choice questions, hints, and explanations to boost your readiness for the test.

The process of addressing the issue after a data breach is known as incident response. This involves a series of steps that an organization takes to handle the aftermath of a security breach or cyberattack. During the incident response phase, a company works to contain the breach, eradicate the threat, recover compromised systems, and implement measures to prevent future incidents.

While "lessons learned" is a key component of the overall incident response process, it typically occurs after the initial incident response has progressed. It involves reviewing what occurred during the breach, assessing the effectiveness of the response, and identifying areas for improvement. This reflective stage helps organizations ensure they understand the cause of the breach and apply insights to strengthen their security posture for the future.

The other options also play roles in comprehensive security management but pertain to specific aspects of the incident response lifecycle. Post-mortem analysis is similar to lessons learned but is often more detailed, focusing on a thorough investigation of what happened. Recovery plan review pertains specifically to the strategies and actions taken to restore systems and operations after a breach has occurred.

Thus, the correct term to describe the proactive steps taken by an organization to manage and mitigate the impact of a data breach is incident response.
