After containing a confirmed security breach, an incident responder is tasked with the remediation process. What should be their FIRST step to ensure a thorough and effective remediation?
Install anti-virus software on all endpoints.
Immediately restore all systems from backup to minimize downtime.
Update the firewall rules to prevent future attacks.
Determine the full scope of the intrusion.