During a routine security audit, your team discovers multiple instances of unauthorized access attempts on a sensitive database. As the lead incident responder, what should be your first step according to a well-structured incident response plan?
Notify law enforcement.
Identify and validate the incident.
Isolate the affected system.
Inform upper management.