Which of the following is NOT an objective for security incident management in ISO $27035-1?$

Group of answer choices

Information security events are detected and dealt with efficiently. This involves deciding when they should be classified as information security incidents

After an exploit is discovered and removed, it may be necessary to restore a valid copy of data from a backup

The adverse effects of information security incidents on the organization and its operations are minimized by appropriate controls as part of incident response

Information security vulnerabilities are assessed and dealt with appropriately to prevent or reduce incidents