What is the difference between containment, eradication, and recovery?
Security+ Flashcards: Incident Response, Digital Forensics, Business Continuity
Nortren
Containment stops the incident from spreading by isolating affected systems through network disconnection, account disabling, or firewall rule changes. Short-term containment acts immediately, while long-term containment maintains operations during investigation. Eradication removes the root cause by deleting malware, closing exploited vulnerabilities, rebuilding compromised systems from clean images, and resetting compromised credentials.
csrc.nist.gov