First Step in Incident Response: Containment is the immediate action taken to limit the scope and impact of an incident, such as isolating affected systems to prevent further damage.
Incident Response Lifecycle:
Detection and Analysis: Identifying the incident.
Containment: Limiting its spread and mitigating immediate threats.
Eradication: Removing the cause of the incident.
Recovery: Restoring systems to normal operations.
Lessons Learned: Reviewing and improving processes.
Why Other Options Are Incorrect:
A. Escalation: Happens after containment for management awareness.
B. Recovery: Follows eradication, once the threat is neutralized.
C. Eradication: Occurs after containment to remove threats.
References: EC-Council CISO standards emphasize containment as the critical first step after detecting an incident.