Development and operations a practical guide


Engagement Control Group (ECG)



Date: 11.02.2023
Joe Vest, James Tubberville, Red Team Development and Operations
The Engagement (or Exercise) Control Group is ultimately responsible for all activities conducted during the engagement. This responsibility includes:
- Approving the engagement schedule, objectives, and directives
- Approving the Red Team objective targets for inclusion in engagement planning
- Establishing a time-coordinated blacklist for the environment (if required)
- Providing the environment information needed to construct scenarios that meet all objectives for the engagement
- Providing management and direction for the execution of the engagement
- Determining if, when, and what information should be provided to the defender during execution (also known as injects)
- Determining when actions should be implemented as part of an engagement operational impact
Most often, the ECG is composed of one or two senior managers from the target environment (for example, a Chief Information Officer or Chief Operating Officer), one member from the Information Technology department of the organization, a White Cell liaison, and a Red Team liaison. Others can be added as required. All must be Trusted Agents. Some communities consolidate the ECG and White Cell into a single group with varying individual roles. When this occurs, an Engagement Control Director must be selected to interface with the Red Team and control the flow of information to the defenders.
Trusted Agent (TA)
A Trusted Agent is a member of the target organization who knows an engagement is underway. The Trusted Agent's primary role is to limit irreversible damage and risk to life, limb, eyesight, and equipment; however, they are more often used to prevent the defenders from causing unexpected self-inflicted damage. A TA has privileged and detailed knowledge of engagement activities, milestones, conditions, and the engagement status that would unduly bias or influence the actions of the environment staff and defenders. A Trusted Agent must protect all information from being provided to any party without the express approval of the ECG. Each engagement should establish a Trusted Agent Agreement that specifies to whom data can be delivered and under what approval process. Each TA must execute the agreement before receiving any information about the engagement.
