Sometimes the only way is to reach for the big red button

Emergency Incident Response


This approach should not be feared; we often discover that incidents are not breaches. We follow the CIBOK techniques of investigation and one of our board advisors acts as executive editor. The principles of our approach are based around speed of discovery, enabling us to find indicators and follow the evidence to a successful conclusion.

Secrutiny Cybersecurity - Incident Response Chart


Data sweep and incident scoping

If a potential cyber incident is suspected, it is critical that rapid, forensically sound techniques are used to validate, investigate and take remedial action. Secrutiny follows a proven, three-step ‘Triage’ Incident Response methodology.

This approach enables us to focus specifically on areas that appear to be ‘hosts of interest’, so we can understand the intent and impact.

Forensic collection and investigation

Secrutiny’s Incident Response Methodology is more efficient than traditional ‘ball-of-string’ practices which focus on evidence collection based upon IOC-following.

IOCs are not “threat intelligence” until they are understood in the context of the risks your organisation may be encountering, or has faced in the past. Consequently, the cost in terms of resources (people, tools and time) and the related financial impact can be as long as the proverbial “ball-of-string”, because you never know where the string will lead or how long it’s going to be.

Incident containment and remediation

Our Incident Response Process encompasses:

  • Data Collection and Incident Scoping.
  • Forensic Collection and Investigation.
  • Incident Containment and Remediation.
  • Post-Incident Support.

This process assesses the scope of an incident, then applies rigorous interrogation to establish the storyline. This results in targeted containment and remedial action, followed by support to stop attackers re-establishing entry.


“Secrutiny’s Cyber Risk Analyser (CRA) has provided comprehension of risks that we were not aware of. The results will be used to make informed decisions that embed security by design according to IT operations.”

Investment Management
Information Security Manager

“Traditional cyber audits are based on paper exercises; giving a generic view of risk based on policy, process and controls in place. Over nearly 30 years in information security, Secrutiny’s CRA has given the most meaningful results by far.”

Cyber and Information Security Manager

“Secrutiny provide a service that is more cost-effective than me building out my team to manage security. They also have the market knowledge to keep my security toolkit ahead of the curve, ensuring the firm is secure.”

Head of IT

“We use Secrutiny because they are always keeping us up to date with emerging technologies that challenge the norm, to make us better or save us money. They will have completed the due diligence to reduce our risk and will always deliver on their commitment.”

Real Estate
IT Infrastructure Specialist