Assess what is happening and implement controls to mitigate.
Assess what is happening and take measures to contain, mitigate, and recover.
Protect information and systems from threats by implementing controls to preserve:
Confidentiality > Integrity > Availability