Cleaning up the Sparks folder
parent
eb610a79b6
commit
96cd8fea7b
78 changed files with 149 additions and 181 deletions
72
Corpus/Sparks/ISMS/KPIs in Incident Response.md
Normal file
|
|
@ -0,0 +1,72 @@
|
|||
---
|
||||
tags:
|
||||
- metrics
|
||||
Related:
|
||||
- "[ISO_27002_2022_5.24_PE Information security incident management planning and preparation](../../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)"
|
||||
---
|
||||
# KPIs in Incident Response
|
||||
|
||||
Here are 20 essential KPIs, with short definitions to guide your tracking and improvement efforts:
|
||||
|
||||
1. Mean Time to Detect (MTTD): Avg. time taken to identify an incident.
|
||||
|
||||
|
||||
2. Mean Time to Respond (MTTR): Avg. time between detection and first mitigation action.
|
||||
|
||||
|
||||
3. Mean Time to Contain (MTTC): Avg. time to stop the incident from spreading.
|
||||
|
||||
|
||||
4. Mean Time to Resolve (MTTRv): Avg. time to fully fix and close the incident.
|
||||
|
||||
|
||||
5. Number of Incidents Detected: Total incidents identified in a time period.
|
||||
|
||||
|
||||
6. Percentage of Incidents by Severity Level: Distribution of incidents by criticality.
|
||||
|
||||
|
||||
7. First Response Time: Time from detection to initial analyst response.
|
||||
|
||||
|
||||
8. Number of Reopened Incidents: Count of incidents reopened after closure.
|
||||
|
||||
|
||||
9. False Positive Rate: Percentage of alerts flagged as incidents that weren’t real.
|
||||
|
||||
|
||||
10. Detection Accuracy: Ratio of true positives to total alerts.
|
||||
|
||||
|
||||
11. SLA Compliance Rate: % of incidents resolved within agreed SLA timelines.
|
||||
|
||||
|
||||
12. Incident Recurrence Rate: Rate at which similar incidents reoccur.
|
||||
|
||||
|
||||
13. User-Reported vs. System-Detected Incidents: Comparison of manually vs. automatically detected issues.
|
||||
|
||||
|
||||
14. Cost per Incident: Average financial impact of each incident.
|
||||
|
||||
|
||||
15. Time to Escalation: Time from detection to escalation to a higher tier/team.
|
||||
|
||||
|
||||
16. Incident Closure Rate: % of incidents resolved within a defined period.
|
||||
|
||||
|
||||
17. Incident Root Cause Categories: Classification of underlying causes.
|
||||
|
||||
|
||||
18. Volume of Phishing/Malware/Ransomware Incidents: Count of incidents by type.
|
||||
|
||||
|
||||
19. Percentage of Automated vs. Manual Responses: Share of responses handled automatically.
|
||||
|
||||
|
||||
20. Resolution SLA Breach Rate: % of incidents resolved after SLA deadlines.
|
||||
|
||||
|
||||
|
||||
Tracking these helps teams reduce downtime, improve security posture, and meet business expectations.
|
||||
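Review bot: The `Related:` link in the front matter climbs four levels (`../../../../iso27DIY-gis/...`) from a file that sits only three directories deep (`Corpus/Sparks/ISMS/`), so it resolves outside this repository and will be broken for anyone who does not have an `iso27DIY-gis` checkout next to it. Suggest pointing at a path inside the repo or documenting the sibling checkout as a requirement. Separately, in the KPI list, item 11 ("% of incidents resolved within agreed SLA timelines") and item 20 ("% of incidents resolved after SLA deadlines") are complements of each other as worded, so one of them can be dropped or the two definitions differentiated. The same applies to items 9 and 10 if both use total alerts as the denominator. Minor style point: `Related:` is capitalized while `tags:` is lowercase; pick one casing for front-matter keys.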