Key Performance Indicators (KPIs) for Security Operations and Incident Response
Identifying Which KPIs Should Be Set, Monitored and Measured.
Contents.
This document contains confidential and proprietary information
for use only by DFLabs S.p.A and its intended recipients and
must not be disclosed to unauthorized individuals without prior,
written consent.
Final Thoughts.
| KPI | Why Do We Care? | Possible Measurements | Assessment of: |
| --- | --- | --- | --- |
| Number of false positive alerts | How many false positive events are received? Is this acceptable? Can the number of false positive events be reduced? How? | Number of false positives / day; Number of false positives / month; Number of false positives / year; Percentage of events that are false positives | Detection success |
| Number of analysts assigned | Are too many analysts being assigned to one event, meaning that they are not available to respond to other events? Why? Are too few analysts being assigned to an event due to staff shortages? | Average number of analysts / event type; Average number of analysts (per level) / event; Average number of analysts (per level) / event type | Analyst skills; Cost to value; Workload |