Page "Computer insecurity" Paragraph 32

*" Response " is necessarily defined by the assessed security requirements of an individual system and may cover the range from simple upgrade of protections to notification of legal authorities, counter-attacks, and the like.

In some special cases, a complete destruction of the compromised system is favored, as it may happen that not all the compromised resources are detected.