CISM - Incident Management - Section 4.9
Apply incident containment methods to limit the scope and impact of a security incident.
Apply incident containment methods - including isolation, network segmentation, and quarantine - to limit the spread and impact of a security incident without prematurely destroying forensic evidence. Choose the containment approach that balances the urgency of stopping damage against the business impact of taking systems or network segments offline.
ContainmentIsolationNetwork segmentationQuarantine
More in this domain
Back to all Incident Management objectives, or the CISM cert hub.
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.