RS.MA-03: Incidents are categorized and prioritized
Ex1: Further review and categorize incidents based on the type of incident (e.g., data breach, ransomware, DDoS, account compromise)
Ex2: Prioritize incidents based on their scope, likely impact, and time-critical nature
Ex3: Select incident response strategies for active incidents by balancing the need to quickly recover from an incident with the need to observe the attacker or conduct a more thorough investigation