4 - Eradication
During the fourth stage the emphasis is on ensuring you have a clean system ready to restore. This may be a complete reimage of a system, or a restore from a known good backup.
5 - Recovery
At this point, it's time to determine when to bring the system back in to production and how long we monitor the system for any signs of abnormal activity.
6 - Lessons Learned
This final stage is often skipped as the business moves back into normal operations but it's critical to look back and heed the lessons learned. These lessons will allow you to incorporate additional activities and knowledge back into your incident response process to produce better future outcomes and additional defenses.
Source: CSO Australia
Sign up for CIO Asia eNewsletters.