Final answer:
The criterion not normally used for evaluating a cybersecurity incident containment strategy is the cost. Key factors include effectiveness, evidence preservation, and log record generation.
Step-by-step explanation:
The criterion that is NOT normally used when evaluating the appropriateness of a cybersecurity incident containment strategy is D. Cost of the strategy. While cost is an important consideration in broad strategic decisions, the primary factors when assessing a containment strategy for cybersecurity incidents focus on the effectiveness, preservation of evidence, and ability to generate accurate log records. Containment strategies must be able to effectively isolate and neutralize threats, maintain the integrity of evidence for further investigation, and provide detailed logs that can be used for analysis and legal proceedings.