An important component of incident response that looks beyond the face details of an incident to determine the root casue of the incident (e.g., a missing patch might enable a successful intrusion but root cause analysis might reveal that the vulnerable service should never have been running anyway).