<p>Incident response metrics help an organization assess its ability to deal with cybersecurity incidents effectively, quickly and responsibly. Where response efforts are inadequate, metrics can help cybersecurity teams and corporate leadership pinpoint what needs to change.</p>
<p>If an organization only ever experienced a couple of isolated cyberattacks, tracking these KPIs would be a wasted effort. For most enterprises, however, <a href=”https://www.techtarget.com/whatis/definition/security-incident”>security incidents</a> are ongoing and, for many, increasing in frequency and impact every year.</p>
<p>Faced with the continual need to respond, an organization needs ways to monitor and evaluate outcomes. Tracking useful metrics helps the organization determine whether incident response is getting faster, more effective and more efficient.</p>
<p>When metrics show that responses are not improving in all three ways, it’s likely time to revise the <a href=”https://www.techtarget.com/searchsecurity/feature/5-critical-steps-to-creating-an-effective-incident-response-plan”>incident response plan</a>, upskill staff or upgrade the cybersecurity tool set. If making any substantial changes to the response plan, an organization should put the updated plan to the test in <a href=”https://www.techtarget.com/searchsecurity/tip/How-to-conduct-incident-response-tabletop-exercises”>tabletop incident response drills</a> and adjust if needed.</p>
<p>With a revised incident response plan in place, an organization should take the following steps to assess its effectiveness:</p>
<ul class=”default-list”>
<li>Revise the relevant metrics as needed — i.e., add or drop metrics.</li>
<li>Adjust targets for metrics for the coming year.</li>
<li>Continue to track metrics and their medians through future security incidents.</li>
</ul>
<section class=”section main-article-chapter” data-menu-title=”Key incident response metrics”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Key incident response metrics</h2>
<p>Organizations can monitor a variety of response metrics to measure how effectively they respond to security incidents. What they can measure depends on the available resources and data. At minimum, every organization should try to track metrics that measure speed, effe
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: