An incident response analyst at a large corporation is reviewing proxy log data. The analyst believes a malware infection may have occurred. Upon further review, the analyst determines the computer responsible for the suspicious network traffic is used by the Chief Executive Officer (CEO). Which of the following is the best NEXT step for the analyst to take?

• Call the CEO directly to ensure awareness of the event

• Run a malware scan on the CEOs workstation

• Reimage the CEOs workstation

• Disconnect the CEOs workstation from the network