Certified Chief Information Security Officer (CCISO) — Question 51

When dealing with Security Incident Response procedures, which of the following steps come FIRST when reacting to an incident?

Answer options

• A. Eradication
• B. Escalation
• C. Containment
• D. Recovery

Correct answer: C

Explanation

The first step in responding to a security incident is Containment, as it involves limiting the scope and impact of the incident to prevent further damage. Eradication, Escalation, and Recovery are subsequent steps that follow after containment is established, making them incorrect as the first response.