After containing a confirmed security breach, an incident responder is tasked with the remediation process. What should be their FIRST step to ensure a thorough and effective remediation?
Immediately restore all systems from backup to minimize downtime.
Install anti-virus software on all endpoints.
Determine the full scope of the intrusion.
Update the firewall rules to prevent future attacks.
|Incident Response and Management
|Reporting and Communication