# Containment Strategy
<a name="containment-strategy-questions"></a>

**Can AWS Security Incident Response identify the scope of the security event?**
+  If yes, identify all the resources (users, systems, resources). 
+  If no, investigate in parallel with executing the next step on identified resources. 

**Can the resource be isolated?**
+  If yes, then proceed to isolate the affected resources. 
+  If no, then work with system owners and managers to determine further actions necessary to contain the problem. 

**Are all affected resources isolated from non-affected resources?**
+  If yes, then continue to the next step. 
+  If no, then continue to isolate affected resources to complete short-term containment and prevent the event from escalating further.