During an incident response activity, your team has successfully isolated the affected systems to prevent further spread of the incident. What is the NEXT best step to evaluate in order to determine the priority for containment and recovery procedures?
Begin the eradication process by removing the threat actor's presence from the network.
Assess the impact of the incident in terms of data loss, service disruption, and damage to assets.
Continue gathering evidence to pinpoint the initial entry point of the attackers.
Determine the scope of affected systems beyond those already isolated.