Once an incident or event has been validated, the proper steps need to be taken to handle it:
- Containment: The actions required to prevent the incident or event from spreading across the network
- Eradication: The actions required to completely wipe the threat from the network or system
- Recovery: The actions required to bring the network or system back to its former functionality and use