We have discharged the role of incident manager for a number of incidents for various clients. We have demonstrated clear value in the closing of incidents, some of which have been previously declared closed by others. Our approach is to enact the prevailing incident management process authoritatively, whilst thinking in the attacker’s context.
This has enabled us to take control of the incident, enact triage to validate approach and severity, agree on a course of action, then execute management and containment. Placing our staff in the mind-set of the attacker is pivotal in enabling us to identify vestigial threats and deal with these effectively.