Understanding metrics to measure SOC effectiveness

Secure List – Sarim Rafiq Uddin
Apart from revenue and profits, there are two key principles that drive business success:

- Maintaining business operations to achieve the desired outcomes
- Continually improving by bringing in new ideas or initiatives that support the overall goals of the business

Measuring routine operations

Example 1: Measuring analysts' wrong verdicts

Measuring this metric can help identify critical areas that may affect the outcome of the security monitoring process. Note that this metric is an internal KPI, and the SOC manager has set a target of 10% (the target value is usually set based on the existing level of maturity). If the measured percentage exceeds the established target, it suggests that the SOC analysts' triage skills may require improvement, which gives the SOC manager a valuable insight.

Example 2: Measuring alert triage queue

Evaluating this metric can provide insights into the workload of SOC analysts.

Example 3: Measuring time to detect incidents

Measuring this metric can provide insights into the efficiency of the security monitoring service for both internal and external stakeholders. It's important to note that this metric is categorized as a service-level indicator (SLI), and the target value is set at 30 minutes.

Measuring improvement

SOC leadership should devise a program where management and SOC employees get an opportunity to create and pitch ideas for improvement.

Metric identification and prioritization

SOCs generally do measure their routine operations and improvements using "metrics". However, they often struggle to recognize whether these metrics are supporting the decision-making process or showing any value to the stakeholders. Hunting for meaningful metrics is a daunting task. The common approach we have followed in SOC consulting services to derive meaningful metrics is to understand the specific goals and operational objectives of security operations. Another proven approach is the GQM (Goal-Question-Metric) system, a systematic, top-down methodology for creating metrics that are aligned with an organization's goals. By starting with specific, measurable goals and working backwards to identify the questions and metrics needed to measure progress towards those goals, the GQM approach ensures that the resulting metrics are directly relevant to the SOC's objectives.

To determine the appropriate metrics, several factors should be taken into account:

- Metrics must be aligned with the primary goals and operational objectives.
- Metrics should assist in the decision-making process.
- Metrics must demonstrate their purpose and value to both internal operations and external stakeholders.
- Metrics should be realistically achievable in terms of data collection, data accuracy, and reporting.
- Metrics must also meet the criteria of the SMART (Specific, Measurable, Actionable, Realistic, Time-based) model.
- Ideally, metrics should be automated to receive and analyze current values in order to visualize them as quickly as possible.
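The three example metrics above (wrong-verdict rate against its 10% KPI target, triage queue depth, and time to detect against its 30-minute SLI target) computed over constructed triage records, as an added example that is not from the article or from any SOC tooling; the QA re-review field, the "tp"/"fp" verdict labels and the use of created-to-closed time as the detection-time proxy are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Targets quoted in the text: a 10% internal KPI target for wrong verdicts and
# a 30-minute SLI target for time to detect.
WRONG_VERDICT_TARGET_PCT = 10.0
TIME_TO_DETECT_TARGET = timedelta(minutes=30)
@dataclass
class Alert:
    created: datetime            # alert entered the triage queue
    closed: Optional[datetime]   # triage finished; None = still queued
    verdict: Optional[str]       # analyst verdict: "tp" or "fp"
    qa_verdict: Optional[str]    # verdict after QA re-review (assumed); None = not reviewed

def wrong_verdict_pct(alerts):
    # Example 1: share of QA-reviewed alerts whose analyst verdict was overturned.
    reviewed = [a for a in alerts if a.qa_verdict is not None]
    wrong = sum(1 for a in reviewed if a.verdict != a.qa_verdict)
    return 100.0 * wrong / len(reviewed) if reviewed else 0.0

def triage_queue_depth(alerts):
    # Example 2: alerts still waiting for an analyst.
    return sum(1 for a in alerts if a.closed is None)

def mean_time_to_detect(alerts):
    # Example 3: mean created->closed time of confirmed true positives, used as a
    # proxy for time to detect (assumption; a real SLI may start at incident onset).
    ttd = [a.closed - a.created for a in alerts if a.verdict == "tp" and a.closed]
    return sum(ttd, timedelta(0)) / len(ttd) if ttd else timedelta(0)

def soc_report(alerts):
    # All three metrics, plus a breach flag for each metric that has a target.
    wv, ttd = wrong_verdict_pct(alerts), mean_time_to_detect(alerts)
    return {
        "wrong_verdict_pct": wv,
        "wrong_verdict_breach": wv > WRONG_VERDICT_TARGET_PCT,
        "queue_depth": triage_queue_depth(alerts),
        "mean_ttd_minutes": ttd.total_seconds() / 60,
        "ttd_breach": ttd > TIME_TO_DETECT_TARGET,
    }
T0 = datetime(2023, 5, 1, 9, 0)  # constructed sample records, not data from the article
SAMPLE = [
    Alert(T0, T0 + timedelta(minutes=20), "tp", "tp"),
    Alert(T0, T0 + timedelta(minutes=50), "tp", "tp"),
    Alert(T0, T0 + timedelta(minutes=5), "fp", "tp"),   # missed incident: wrong verdict
    Alert(T0, T0 + timedelta(minutes=10), "fp", "fp"),
    Alert(T0, None, None, None),                        # still in the queue
]
```

On the sample, `soc_report(SAMPLE)` flags both targets as breached: one of four reviewed verdicts was overturned (25%) and the two confirmed incidents averaged 35 minutes to close.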
Link: https://securelist.com/understanding-metrics-to-measure-soc-effectiveness/109061/