richardk/iso27diy-corp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
iso27diy-corp/Corpus/Sparks/KPIs in Incident Response.md

72 lines
No EOL
2.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
tags:
- metrics
Related:
- "[ISO_27002_2022_5.24_PE Information security incident management planning and preparation](../../../iso27DIY-gis/reference/Paraphrased/ISO27002-2022-EN/ISO_27002_2022_5.24_PE%20Information%20security%20incident%20management%20planning%20and%20preparation.md)"
---
# KPIs in Incident Response
Here are 20 essential KPIs, with short definitions to guide your tracking and improvement efforts:
1. Mean Time to Detect (MTTD): Avg. time taken to identify an incident.
2. Mean Time to Respond (MTTR): Avg. time between detection and first mitigation action.
3. Mean Time to Contain (MTTC): Avg. time to stop the incident from spreading.
4. Mean Time to Resolve (MTTRv): Avg. time to fully fix and close the incident.
5. Number of Incidents Detected: Total incidents identified in a time period.
6. Percentage of Incidents by Severity Level: Distribution of incidents by criticality.
7. First Response Time: Time from detection to initial analyst response.
8. Number of Reopened Incidents: Count of incidents reopened after closure.
9. False Positive Rate: Percentage of alerts flagged as incidents that werent real.
10. Detection Accuracy: Ratio of true positives to total alerts.
11. SLA Compliance Rate: % of incidents resolved within agreed SLA timelines.
12. Incident Recurrence Rate: Rate at which similar incidents reoccur.
13. User-Reported vs. System-Detected Incidents: Comparison of manually vs. automatically detected issues.
14. Cost per Incident: Average financial impact of each incident.
15. Time to Escalation: Time from detection to escalation to a higher tier/team.
16. Incident Closure Rate: % of incidents resolved within a defined period.
17. Incident Root Cause Categories: Classification of underlying causes.
18. Volume of Phishing/Malware/Ransomware Incidents: Count of incidents by type.
19. Percentage of Automated vs. Manual Responses: Share of responses handled automatically.
20. Resolution SLA Breach Rate: % of incidents resolved after SLA deadlines.
Tracking these helps teams reduce downtime, improve security posture, and meet business expectations.
Reference in a new issue View git blame Copy permalink