What is the action of isolating affected components from the larger environment called?

Prepare for the CertMaster CE Security+ Domain 4.0 Security Operations Exam with multiple choice questions, hints, and explanations to boost your readiness for the test.

The action of isolating affected components from the larger environment is referred to as containment. This is a critical step during an incident response process, especially in cybersecurity and information security contexts. When an incident occurs, such as a malware infection or a data breach, it is essential to prevent the threat from spreading to other parts of the network or system. Containment aims to limit the damage and secure the environment to mitigate the risks associated with the incident.

By isolating the affected systems or components, organizations can address the issue while ensuring that other unaffected parts of their infrastructure remain operational and secure. This step is often taken before any further investigation or eradication of the threat occurs, helping to maintain control over the situation until a clearer picture of the incident is available.

In contrast, eradication refers to the removal of the threat once it has been contained, while investigation involves analyzing the incident to understand its cause and impact. Recovery focuses on restoring affected systems and services to normal operations following an incident. Each of these steps is part of a comprehensive incident response plan, but containment specifically emphasizes the need to isolate the issue to prevent further harm.
