Which of the following is a primary goal of conducting a post-incident review in cybersecurity?