Useful KPIs for a Security Operation Center (SOC)
| No | KPI |
| --- | --- |
| 1 | The percentage of phishing emails opened by your end-users |
| 2 | Phishing emails reported by end users |
| 3 | Number of intrusion attempts |
| 4 | Percentage of systems covered for backup and frequency |
| 5 | Successful backups, resolution of backup issues |
| 6 | Number of change requests and changes |
| 7 | Number of unauthorized changes |
| 8 | Percentage of outage due to changes (planned unavailability) |
| 9 | Percentage of outage due to incidents (unplanned unavailability) |
| 10 | Outages as a result of attacks (e.g., DDoS, ransomware, internal, etc.) |
| 11 | Security awareness training completion rate |
| 12 | The effectiveness of the training program. (Is there a reduction of incidents as a result of the training?) |
| 13 | Average password strength for IT Systems |
| 14 | Number of unidentified devices on network |
| 15 | Device inventory and health |
| 16 | Percentage of systems covered for monitoring and response |
| 17 | Percentage of internet syslog events collected |
| 18 | Number of lost or stolen corporate devices |
| 19 | Number of new threats identified in the enterprise |
| 20 | Number of network probing attempts |
| 21 | Defense effectiveness rate |
| 22 | Vulnerabilities by criticality/severity/priority ratings |
| 23 | Vulnerability aging |
| 24 | Number of known vulnerabilities on externally facing systems |
| 25 | Number of known vulnerabilities on internal systems |
| 26 | Attack & threat frequency |
| 27 | Virus infection activity (real-time notification) |
| 28 | Mean time to detect incidents |
| 29 | Mean time to resolve incidents |
| 30 | Project completion metrics for new tools or services |
| 31 | Virus/malware metrics |
| 32 | Number of cybersecurity incidents reported by end users to the IT team |
| 33 | Botnet sharing grade |
| 34 | Peer-to-Peer file sharing grade |
| 35 | Open port grade |
| 36 | Number of security policies & standards that have been fully implemented and adopted |
| 37 | Number of exceptions for compliance with policy and procedure by IT, etc. |
| 38 | Compliance with industry regulations and other legal requirements an organization |
| 39 | Patching frequency |
| 40 | Patch policy compliance |
| 41 | Mean time between security patch release and implementation |
| 42 | Risk assessment scoring |
| 43 | Disaster recovery test results |
| 44 | Value of the security investment, either in people, processes, or technologies |