Which activity does NOT typically occur during the containment and eradication of cybersecurity incidents?

The activity that does not typically occur during the containment and eradication of cybersecurity incidents is shutting down the entire IT system. In most incident response scenarios, the goal is to contain the threat and mitigate the impacts while maintaining operational continuity as much as possible. Shutting down the entire IT system could lead to unnecessary disruption and downtime, making it challenging to manage business operations and resolve the incident. Instead, containment strategies focus on isolating affected systems, identifying and mitigating vulnerabilities, and restoring control without resorting to extensive shutdowns.

The other activities mentioned—identifying all breaches, notifying appropriate personnel, and restoring control of affected systems—are essential steps in managing a cybersecurity incident. Identifying breaches is crucial for understanding the scope of the incident, notifying personnel ensures that the right stakeholders are involved in the response efforts, and restoring control is a key part of getting systems back to operational status while ensuring the threat is mitigated.