Which phase of incident response focuses on containment and eradication of threats?

The phase of incident response that focuses on containment and eradication of threats is the containment phase. During this stage, the primary goal is to limit the impact of the security incident and prevent further damage. The team isolates affected systems to halt the spread of the incident while also beginning efforts to eliminate the underlying threat.

Containment involves strategic actions such as disconnecting compromised systems from the network, applying temporary fixes, or implementing incident-specific access control measures to safeguard unaffected resources. By doing so, responders aim to control and manage the security incident effectively to minimize any potential losses.

This phase is critical, as containment directly precedes eradication efforts, where the root cause of the incident is identified and removed, ensuring that attackers cannot exploit the same vulnerabilities again in the future. Proper execution during the containment phase is vital for ensuring a swift and effective incident response, setting the stage for recovery and restoration of normal operations afterward.
