The purpose of the GSOC Operational Metrics is to give management insight into the overall health of the GSOC. They are also used to track daily and weekly steady-state operations. These metrics are delivered in near real time through the Archer SecOps dashboard and can be extracted for distribution via email. The following examples of these metrics use dummy data to give some context on how they are implemented.
| Attribute | Value |
|---|---|
| Audience | Global CISO / Member Firm CISOs / GSOC Manager / NITSO |
| Mode of Generation | Automated |
| Distribution Channel | RSA Archer SecOps |
| Production Format | RSA Archer SecOps Persona-based Dashboards |
| Data Schedule | Near Real-time |
| Data Source | RSA Archer SecOps / Security Analytics |
Metrics covering the KPIs for incident handling.
Defines the sources of incident detection or reporting.
Reflects the time between when the event was detected in the SIEM and when the incident record was created.
Displays the percentage of recorded incidents that were later identified as false positives.
The time between the Member Firm's acknowledgement of the incident and its containment. (Applies to P2 and P1; Member Firms are not expected to report on P3 and P4.)
The percentage of incidents escalated from L1 to L2 within the KPMG GSOC distributed by week.
The percentage of incidents escalated from L2 to L3 within the KPMG GSOC distributed by week.
The percentage of incidents handled at L1.
Distribution of incidents by member firm on a weekly basis.
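The detection-to-record time, false-positive percentage and escalation percentages defined above can be computed from exported incident records as follows. This is an added example, not code from the GSOC or RSA Archer SecOps: the field names, the sample incidents and the choice of denominator for each escalation percentage are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

TIERS = ["L1", "L2", "L3"]

# Constructed dummy incidents. Field names are assumptions for this example,
# not the RSA Archer SecOps schema; "tier" is the highest level that handled it.
INCIDENTS = [
    {"detected": "2024-03-04T08:00", "created": "2024-03-04T08:12", "tier": "L1", "fp": False},
    {"detected": "2024-03-05T10:00", "created": "2024-03-05T10:30", "tier": "L2", "fp": True},
    {"detected": "2024-03-06T14:00", "created": "2024-03-06T14:06", "tier": "L3", "fp": False},
    {"detected": "2024-03-07T09:00", "created": "2024-03-07T09:20", "tier": "L1", "fp": False},
    {"detected": "2024-03-11T11:00", "created": "2024-03-11T11:10", "tier": "L1", "fp": True},
    {"detected": "2024-03-12T16:00", "created": "2024-03-12T16:40", "tier": "L2", "fp": False},
]

def pct(part, whole):
    """Percentage rounded to one decimal, or None when there is no denominator."""
    return round(100 * part / whole, 1) if whole else None

def record_delay_minutes(incidents):
    """Minutes between SIEM detection and incident record creation."""
    return [(datetime.fromisoformat(i["created"])
             - datetime.fromisoformat(i["detected"])).total_seconds() / 60
            for i in incidents]

def false_positive_pct(incidents):
    return pct(sum(i["fp"] for i in incidents), len(incidents))

def handled_at_l1_pct(incidents):
    return pct(sum(i["tier"] == "L1" for i in incidents), len(incidents))

def weekly_escalation_pct(incidents, src):
    """Per ISO week of record creation: of the incidents that reached tier
    `src`, the share escalated to the next tier (assumed denominator)."""
    reached, escalated = defaultdict(int), defaultdict(int)
    for i in incidents:
        level = TIERS.index(i["tier"])
        if level < TIERS.index(src):
            continue  # never reached the source tier, so not in this ratio
        year, week, _ = datetime.fromisoformat(i["created"]).isocalendar()
        key = f"{year}-W{week:02d}"
        reached[key] += 1
        escalated[key] += level > TIERS.index(src)
    return {k: pct(escalated[k], reached[k]) for k in sorted(reached)}

if __name__ == "__main__":
    print("median detection-to-record (min):", median(record_delay_minutes(INCIDENTS)))
    print("false positives %:", false_positive_pct(INCIDENTS))
    print("L1->L2 by week:", weekly_escalation_pct(INCIDENTS, "L1"))
    print("L2->L3 by week:", weekly_escalation_pct(INCIDENTS, "L2"))
    print("handled at L1 %:", handled_at_l1_pct(INCIDENTS))
```

Weeks in which no incident reached the source tier are omitted from the weekly result instead of being reported as 0%.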