Changes RCA to Incident Review for Security Incidents

Why is this change being made?

As the SIRT team we do not own many of the services we are responding to - as such when reviewing incidents it makes the most sense to review our response (our primary responsibility) rather than the actual reason for the issue since that reason is often out of our control. Note, this does not mean we do not document and acknowledge the reason and attempt to make things better.

Author Checklist

• Provided a concise title for the MR
• Added a description to this MR explaining the reasons for the proposed change, per [say-why-not-just-what][transparency]
• Assign this change to the correct DRI
  • If the DRI for the page/s being updated isn’t immediately clear, then assign it to your manager.
  • If your manager does not have merge rights, please ask someone to merge it AFTER it has been approved by your manager in [#mr-buddies][mr-buddies-slack].
  • If the changes relate to any part of the project other than updates to content and/or data files please make sure to ping @gl-static-site-editor in a comment for a review and merge. For example changes to .gitlab-ci.yml, JavaScript/CSS/Ruby code or the layout files.