What are the five core phases of the NIST Incident Response framework, and what is the primary objective of each phase in managing and mitigating security incidents?
Interview
How to structure your answer
The NIST Incident Response framework consists of five phases: Preparation, Detection and Analysis, Containment, Eradication, and Recovery. Each phase has a distinct objective: Preparation builds readiness, Detection and Analysis identifies and scopes incidents, Containment limits impact, Eradication removes the threat, and Recovery restores systems. A strong answer names each phase, states its objective, and links it to the overall goal of managing and mitigating the incident.
Sample answer
The NIST Incident Response framework outlines five core phases: 1) Preparation ensures organizations are ready with plans, tools, and training. 2) Detection and Analysis involves identifying incidents through monitoring and analyzing logs. 3) Containment limits damage by isolating affected systems. 4) Eradication removes threats like malware or vulnerabilities. 5) Recovery restores systems to normal operations. For example, during a ransomware attack, Preparation includes having backups; Detection uses SIEM tools; Containment might involve disconnecting infected devices; Eradication requires malware removal; and Recovery involves restoring from backups. Trade-offs include balancing speed of containment with potential data loss, or prioritizing eradication over recovery to prevent re-infection.
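The ransomware walkthrough above hands off from Detection and Analysis (SIEM-style log analysis) to Containment (isolating affected devices). The following Python script is an added example, not part of the original answer or of NIST SP 800-61: it runs a simple mass-encryption heuristic over a constructed file-server audit log and turns the findings into a ranked isolation list. The log format, the host names, the suspicious file suffixes and the ransom-note names are all constructed assumptions for illustration, not any vendor's format or real indicators.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample file-server audit lines (hypothetical format, not any vendor's):
# <ISO-8601 timestamp> <host> <user> <action> <source path> [<destination path>]
SAMPLE_AUDIT_LOG = """\
2024-05-01T10:00:01Z ws-12 alice RENAME /share/finance/q1.xlsx /share/finance/q1.xlsx.locked
2024-05-01T10:00:03Z ws-03 bob RENAME /share/hr/draft.docx /share/hr/policy.docx
2024-05-01T10:00:04Z ws-12 alice RENAME /share/finance/q2.xlsx /share/finance/q2.xlsx.locked
2024-05-01T10:00:07Z ws-12 alice RENAME /share/finance/budget.pptx /share/finance/budget.pptx.locked
2024-05-01T10:00:09Z ws-07 carol RENAME /share/eng/notes.txt /share/eng/notes.txt.locked
2024-05-01T10:00:12Z ws-12 alice RENAME /share/finance/payroll.csv /share/finance/payroll.csv.locked
2024-05-01T10:00:15Z ws-12 alice RENAME /share/finance/audit.pdf /share/finance/audit.pdf.locked
2024-05-01T10:00:20Z ws-12 alice WRITE /share/finance/README_DECRYPT.txt
2024-05-01T10:00:22Z ws-12 alice RENAME /share/finance/vendors.xlsx /share/finance/vendors.xlsx.locked
2024-05-01T10:15:00Z ws-03 bob DELETE /share/hr/old.docx
"""

# Constructed indicator lists for the heuristic; a real deployment would tune these.
SUSPICIOUS_SUFFIXES = (".locked", ".encrypted", ".crypt")
RANSOM_NOTE_NAMES = ("readme_decrypt.txt", "how_to_recover.txt")


def parse_line(line):
    """Parse one audit line into a dict; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": parts[1], "user": parts[2], "action": parts[3],
            "src": parts[4], "dst": parts[5] if len(parts) > 5 else None}


def is_encryption_like(event):
    """A rename whose destination gains a ransomware-style suffix."""
    return (event["action"] == "RENAME" and event["dst"] is not None
            and event["dst"].lower().endswith(SUSPICIOUS_SUFFIXES))


def is_ransom_note(event):
    """A write of a file whose base name matches a known ransom-note name."""
    name = event["src"].rsplit("/", 1)[-1].lower()
    return event["action"] == "WRITE" and name in RANSOM_NOTE_NAMES


def detect_mass_encryption(log_text, threshold=5, window_seconds=60):
    """Detection and Analysis: flag hosts with at least `threshold` suspicious
    renames inside any sliding window of `window_seconds`. Returns {host: finding}."""
    per_host = defaultdict(list)
    notes = defaultdict(int)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if is_encryption_like(ev):
            per_host[ev["host"]].append(ev["ts"])
        elif is_ransom_note(ev):
            notes[ev["host"]] += 1

    findings = {}
    for host, stamps in per_host.items():
        stamps.sort()
        # Two-pointer sliding window over the sorted timestamps: `left` is the
        # oldest event still inside the window ending at `right`.
        peak, left = 0, 0
        for right in range(len(stamps)):
            while (stamps[right] - stamps[left]).total_seconds() > window_seconds:
                left += 1
            peak = max(peak, right - left + 1)
        if peak >= threshold:
            findings[host] = {
                "suspicious_renames": len(stamps),
                "peak_in_window": peak,
                "ransom_notes": notes.get(host, 0),
                "first_seen": stamps[0].isoformat(),
            }
    return findings


def containment_plan(findings):
    """Containment: order flagged hosts by activity volume and pair each with the
    isolation action the sample answer describes (disconnecting the device)."""
    ranked = sorted(findings.items(),
                    key=lambda kv: (-kv[1]["suspicious_renames"], kv[0]))
    return [(host, "isolate-from-network") for host, _ in ranked]


if __name__ == "__main__":
    found = detect_mass_encryption(SAMPLE_AUDIT_LOG)
    for host, finding in found.items():
        print(host, finding)
    print(containment_plan(found))
```

With the constructed log, only ws-12 crosses the threshold (six renames in about twenty seconds plus a ransom note); ws-07's single rename stays below it, which illustrates the trade-off the answer mentions: a lower threshold contains faster but risks isolating a machine over a single benign rename.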
Key points to mention
- NIST Incident Response framework phases
- Preparation, Detection, Analysis, Response, Recovery
- Objective of each phase (e.g., containment, mitigation, restoration)
Common mistakes to avoid
- ✗ Confusing phases with the Cybersecurity Framework
- ✗ Omitting the Recovery phase
- ✗ Mixing objectives of Detection and Analysis phases