While perusing a study guide for SC-100 exam, I came across a really nice and succinct explanation for technical response. It's one of my favorite quotes now:

(...) there are two key goals that every incident response should aim to address from a technical perspective. The first is identifying the scope of the attack (...) Secondly it can be helpful to attempt to identify the objective of an attack.

(Source: Microsoft Cybersecurity Architect Exam Ref SC-100)

Admittedly, the statements and strategy here is pretty obvious but that's also why I like it. Sometime simplicity is a good thing; especially when attempting to achieve a more complex goal like security oversight.