Operational Metrics

The GSOC Operational Metrics give management insight into the overall health of the GSOC and are also used to track daily and weekly steady-state operations. They are delivered in near real-time through the Archer SecOps dashboard and can be extracted for distribution by email. The following are a few examples of these metrics, illustrated with dummy data to give context on how they are actually implemented.

Report Classification

Distribution Scope: GSOC
Audience: Global CISO / Member Firm CISOs / GSOC Manager / NITSO
Mode of Generation: Automated
Distribution Channel: RSA Archer SecOps
Production Format: RSA Archer SecOps Persona-based Dashboards
Data Schedule: Near Real-time
Data Source: RSA Archer SecOps / Security Analytics

1.1              Incident Metrics

KPIs for incident handling.

1.1.1          Source of Incidents Created

Breaks down incidents by the source that detected or reported them.

1.1.2          Time Duration Event Detected and Record Created

The time between the event being detected in the SIEM and the incident record being created.

1.1.3          Incident % False Positive

The percentage of recorded incidents that were later classified as false positives.

1.1.4          Time Duration between Incident Acknowledged and Incident Contained

The time between the Member Firm acknowledging the incident and its containment. Applies to P1 and P2 incidents only; Member Firms are not expected to report this for P3 and P4.

1.1.5          Incident % Escalated from L1 to L2

The percentage of incidents escalated from L1 to L2 within the KPMG GSOC, broken down by week.

1.1.6          Incidents Created & Closed

Count of incidents created and incidents closed in the reporting period.

1.1.7          Incident % Escalated from L2 to L3

The percentage of incidents escalated from L2 to L3 within the KPMG GSOC, broken down by week.

1.1.8          Incident % handled purely at L1

The percentage of incidents resolved at L1 without escalation to L2 or L3.

1.1.9          Incident Count by Member Firm

Distribution of incidents by member firm, on a weekly basis.
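The following is an added worked example, not code from the original document or from the Archer SecOps platform, that computes each of the metrics in 1.1.1 to 1.1.9 over a constructed set of dummy incident records. The `Incident` field names, the assumption that every incident starts at L1, and the denominator for the L2-to-L3 escalation rate (incidents that reached L2, not all incidents) are assumptions made for the example. The P1/P2 scoping of the containment metric is applied as the text states, and open P1/P2 incidents are reported separately rather than silently dropped from the average.

```python
"""Worked GSOC incident-metric calculations over constructed sample records."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Incident:
    """One incident record (field names are assumptions, not Archer's schema)."""
    ident: str
    source: str                    # detection / reporting source (1.1.1)
    firm: str                      # member firm (1.1.9)
    priority: str                  # "P1".."P4"
    detected: datetime             # event detected in the SIEM
    created: datetime              # incident record created
    acknowledged: Optional[datetime]
    contained: Optional[datetime]
    closed: Optional[datetime]
    highest_tier: int              # highest tier that worked it: 1, 2 or 3
    false_positive: bool


def _pct(part: int, whole: int) -> float:
    return round(100.0 * part / whole, 1) if whole else 0.0


def source_of_incidents(incidents: List[Incident]) -> Dict[str, int]:
    """1.1.1: count of incidents per detection/reporting source."""
    return dict(Counter(i.source for i in incidents))


def mean_detect_to_record_minutes(incidents: List[Incident]) -> float:
    """1.1.2: mean minutes between SIEM detection and record creation."""
    gaps = [(i.created - i.detected).total_seconds() / 60 for i in incidents]
    return sum(gaps) / len(gaps) if gaps else 0.0


def false_positive_pct(incidents: List[Incident]) -> float:
    """1.1.3: share of recorded incidents later marked false positive."""
    return _pct(sum(i.false_positive for i in incidents), len(incidents))


def ack_to_containment_hours(incidents: List[Incident]) -> Tuple[float, int]:
    """1.1.4: mean hours from acknowledgement to containment, P1/P2 only.
    Returns (mean_hours, still_uncontained) so open P1/P2 incidents are
    visible instead of vanishing from the average."""
    scope = [i for i in incidents if i.priority in ("P1", "P2")]
    done = [i for i in scope if i.acknowledged and i.contained]
    hours = [(i.contained - i.acknowledged).total_seconds() / 3600 for i in done]
    mean = sum(hours) / len(hours) if hours else 0.0
    return mean, len(scope) - len(done)


def escalation_pct(incidents: List[Incident], from_tier: int) -> float:
    """1.1.5 / 1.1.7: of incidents that reached `from_tier`, the share
    escalated beyond it (assumption: every incident starts at L1)."""
    reached = [i for i in incidents if i.highest_tier >= from_tier]
    escalated = [i for i in reached if i.highest_tier > from_tier]
    return _pct(len(escalated), len(reached))


def handled_at_l1_pct(incidents: List[Incident]) -> float:
    """1.1.8: share of incidents never escalated past L1."""
    return _pct(sum(i.highest_tier == 1 for i in incidents), len(incidents))


def created_and_closed(incidents: List[Incident], start: datetime,
                       end: datetime) -> Tuple[int, int]:
    """1.1.6: incidents created and incidents closed within [start, end)."""
    created = sum(start <= i.created < end for i in incidents)
    closed = sum(i.closed is not None and start <= i.closed < end for i in incidents)
    return created, closed


def count_by_firm(incidents: List[Incident]) -> Dict[str, int]:
    """1.1.9: incident count per member firm."""
    return dict(Counter(i.firm for i in incidents))


# Constructed sample data: one week of dummy incidents, not real GSOC records.
T = datetime(2024, 1, 8, 9, 0)   # Monday 09:00
M, H, D = timedelta(minutes=1), timedelta(hours=1), timedelta(days=1)
WEEK_START, WEEK_END = datetime(2024, 1, 8), datetime(2024, 1, 15)
SAMPLE = [
    Incident("INC-1", "SIEM", "US", "P1", T, T + 10 * M, T + 30 * M, T + 4 * H + 30 * M, T + D, 3, False),
    Incident("INC-2", "SIEM", "UK", "P2", T + H, T + H + 20 * M, T + 2 * H, T + 8 * H, T + 2 * D, 2, False),
    Incident("INC-3", "User report", "US", "P3", T + 2 * H, T + 2 * H + 5 * M, T + 2 * H + 10 * M, None, T + 3 * H, 1, True),
    Incident("INC-4", "Threat intel", "DE", "P4", T + 3 * H, T + 3 * H + 32 * M, T + 4 * H, None, None, 1, False),
    Incident("INC-5", "SIEM", "UK", "P2", T + 5 * H, T + 5 * H + 15 * M, T + 5 * H + 30 * M, T + 7 * H + 30 * M, T + D, 2, True),
    Incident("INC-6", "SIEM", "US", "P1", T + 6 * H, T + 6 * H + 20 * M, T + 6 * H + 40 * M, None, None, 3, False),
]


def weekly_report(incidents: List[Incident], start: datetime, end: datetime) -> Dict[str, object]:
    """Assemble all nine metrics for one reporting week."""
    return {
        "source_of_incidents": source_of_incidents(incidents),
        "detect_to_record_min": mean_detect_to_record_minutes(incidents),
        "false_positive_pct": false_positive_pct(incidents),
        "ack_to_containment_h": ack_to_containment_hours(incidents),
        "escalated_l1_to_l2_pct": escalation_pct(incidents, 1),
        "created_closed": created_and_closed(incidents, start, end),
        "escalated_l2_to_l3_pct": escalation_pct(incidents, 2),
        "handled_at_l1_pct": handled_at_l1_pct(incidents),
        "count_by_firm": count_by_firm(incidents),
    }


if __name__ == "__main__":
    for name, value in weekly_report(SAMPLE, WEEK_START, WEEK_END).items():
        print(f"{name}: {value}")
```

Note that INC-6 is a P1 still awaiting containment: it is counted in the second element returned by `ack_to_containment_hours` rather than lowering the mean, which is the behaviour a dashboard consumer needs in order not to misread an open critical incident as good performance.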