Answer:
Identification phase
Step-by-step explanation:
Incident response is an organised technique that is put place to care of the outcome of breach in security with the aim of ensuring that the damage as well as the recovery time and costs are reduced.
There are six phases of incident response and these are preparation, identification, containment, eradication, recovery and lessons learned.
The aim of the identification phase is to ensure that security happening are monitored so that potential security incidents can detected, alerted, and reported. At the identification stage, a deep thorough investigation is carried out in a case of a security breach to determine its depth and reason for its failure or failure in order to report it and suggest action against future occurrence.
Therefore, identification phase of the incident response is used to determine what went right during the incident response, what went wrong, and how to make the process better.
I wish the best.