Eradication is the phase of incident response that follows containment of a cyber attack. After the threat has been contained, it is necessary to eradicate (remove) key components of the security incident. For example, removing malware from all infected systems that were moved offline during the containment phase is done in the eradication phase. Common examples of eradication tasks include disabling and resetting breached user accounts, resetting passwords on all domain accounts, and scanning the network for indicators of compromise. Eradication is key to preventing attackers from launching additional attacks on your company.

Related Terms: Containment, Recovery, Revision, Root Cause Analysis

Source: Bluegrass Cyber Security


