During an incident response activity, your team has successfully isolated the affected systems to prevent further spread of the incident. What is the NEXT best step to evaluate in order to determine the priority for containment and recovery procedures?
Determine the scope of affected systems beyond those already isolated.
Assess the impact of the incident in terms of data loss, service disruption, and damage to assets.
Continue gathering evidence to pinpoint the initial entry point of the attackers.
Begin the eradication process by removing the threat actor's presence from the network.