Your team has identified a breach in progress on an endpoint device within the company's network. What is the FIRST step you should take to isolate this device while minimizing the potential for disruption to your organization's operations?
Disconnect the device from the network
Enable the firewall on the device immediately
Power off the device to prevent data loss
Physically remove the device from the office
|Incident Response and Management
|Reporting and Communication