An organization has detected an ongoing cyber attack. They've isolated the affected systems and are now focused on removing the threat and securing the systems to prevent the same attack in the future. Which phase of incident response are they currently in?

  • Containment
  • Eradication and Recovery
  • Identification and Detection
  • Preparation and Prevention
The organization is in the 'Eradication and Recovery' phase of incident response, where they are actively working to remove the threat and recover affected systems. This phase follows detection and containment.
Add your answer
Loading...

Leave a comment

Your email address will not be published. Required fields are marked *