Create Incident Response Metrics Worth Reporting
by Adrian Sanabria, IANS Faculty
The purpose of any metric should first and foremost be to improve the processes they serve to measure. In incident response (IR), speed is key – if you’re not faster than your adversary, there should be a plan to get there. Burnout within
the IR and security operations center (SOC) teams is also a common issue that metrics can help track and prevent. This piece explains how to create IR metrics that focus on improvement and are likely to resonate with management, including understanding:
- What IR metrics are not worth focusing on
- What metrics should be prioritized for improvement
- What metrics should be reported to management
- What an ideal response time is
- How to properly resource metrics tracking and production
Complete the form and we'll send a copy of the IR metrics guide to your email.