After detecting an unauthorized intrusion into the company's network, which of the following steps should be prioritized in the incident response plan to best contain the breach?
Notifying the company leadership and legal advisors
Immediately documenting all actions taken after the breach
Isolating the affected systems from the network
Restoring all systems from the most recent backups