CISA Certified Information Systems Auditor – Question1215

Which of the following should be performed immediately after a computer security incident has been detected and analyzed by an incident response team?

A.
Assess the impact of the incident on critical systems
B. Categorize the incident
C. Eradicate the component that caused the incident
D. Contain the incident before it spreads

Correct Answer: B