Which component involves identifying and prioritizing affected assets and data during an incident?

During incident response, the analysis phase is where you scope the incident, identify which assets and data are affected, and decide what to protect or restore first. This involves assessing business criticality, data sensitivity, and regulatory needs to set priorities for containment and recovery. By prioritizing affected assets, the team can allocate resources efficiently, contain the incident where it matters most, and plan phased restoration. Detection spots that something is wrong, but it’s analysis that quantifies impact and guides the response; containment focuses on stopping spread, and recovery brings systems back online after the scope is understood.