A cyber incident is not a purely technical event — it is always also a leadership, organisational and decision-making situation.
For this reason, Aponsi operates in critical situations using a clearly defined role and responsibility model.
The objective is to ensure that governance, forensics, assessment and recovery are not mixed, but work together in a structured, traceable and conflict-free manner.
This creates:
transparency in decision-making
evidentiary and documentation capability
stability during service recovery
a robust foundation for executive management and boards
The orchestrated interaction of roles
Incident handling follows four clearly separated areas of responsibility:
Executive Incident Steering (crisis and decision leadership)
Focus:
prioritisation based on business impact
transparency of decisions and measures
interface to executive management, boards and supervisory bodies
Responsibilities:
structuring the initial steps of the incident
ensuring orderly communication paths
aligning forensic findings with planned measures
preventing rushed technical quick fixes
Executive steering leads and coordinates — it does not perform technical work itself.
Forensics – root cause analysis & evidence preservation
(specialised partners)
Focus:
traceability of the incident
protection of forensically relevant information
a robust technical fact base
Responsibilities:
reconstruction of the attack sequence
assessment of affected systems and data
identification of potential data exfiltration
input for insurers, legal advisors and authorities
Forensics operates independently of recovery interests.
Only in this way do results retain evidentiary value.
IT experts & independent assessors
Focus:
formal, neutral assessment
structured and traceable documentation
Responsibilities:
assessment of procedures and measures taken
documentation of decision paths
preparation of robust, auditable reports
Important:
The role of expert assessor and crisis steering is not performed by the same individual — unless explicitly requested by the client and transparently documented.
Service recovery
(IT, providers and service partners)
Focus:
stable and responsible service restoration
prevention of secondary and follow-on attacks
Responsibilities:
phased restart of prioritised services
securing affected environments
stabilisation instead of rapid rollback
close coordination with forensics and executive steering
Technically, many things may be possible — what matters is what is responsible.
Why role separation is essential
If the same entity:
steers the incident,
restores systems,
and evaluates the outcome,
conflicts of interest inevitably arise.
Possible consequences include:
✘ loss of evidentiary value
✘ vulnerability of documentation
✘ lack of traceability
✘ impeded insurance or legal processes
Therefore, the fundamental principle applies:
Governance ≠ implementation
Forensics ≠ recovery
Assessment ≠ operational measures
Aponsi ensures that this separation is professionally organised while remaining smoothly coordinated.
The result: operational capability with responsibility
This role model enables:
calm, structured crisis management
clear responsibilities and decision paths
consistent documentation
stability during service recovery
protection of trust and reputation
This role model forms the foundation for structured, accountable incident response services delivered through Aponsi.
Not faster action — but action that is right, traceable and responsible.