Useful KPIs for a Security Operation Center (SOC)
No | KPI |
1 | The percentage of phishing emails opened by your end-users |
2 | Phishing emails reported by end users |
3 | Number of intrusion attempts |
4 | Percentage of systems covered for backup and frequency |
5 | Successful backups, resolution of backup issues |
6 | Number of change requests and changes |
7 | Number of unauthorized changes |
8 | Percentage of outage due to changes (planned unavailability) |
9 | Percentage of outage due to incidents (unplanned unavailability) |
10 | Outages as a result of attacks (e.g., DDoS, ransomware, internal, etc.) |
11 | Security awareness training completion rate |
12 | The effectiveness of the training program. (Is there a reduction of incidents as a result of the training?) |
13 | Average password strength for IT Systems |
14 | Number of unidentified devices on network |
15 | Device inventory and health |
16 | Percentage of systems covered for monitoring and response |
17 | Percentage of internet syslog events collected |
18 | Number of lost or stolen corporate devices |
19 | Number of new threats identified in the enterprise |
20 | Number of network probing attempts |
21 | Defense effectiveness rate |
22 | Vulnerabilities by criticality/severity/priority ratings |
23 | Vulnerability aging |
24 | Number of known vulnerabilities on externally facing systems. |
25 | Number of known vulnerabilities on internal systems. |
26 | Attack & Threat frequency |
27 | Virus infection activity (real time notification) |
28 | Mean Time to detect incidents |
29 | Mean Time to resolve incidents |
30 | Project completion metrics for new tools or services |
31 | Virus/malware metrics |
32 | Number of cybersecurity incidents reported by end users to the IT team |
33 | Botnet sharing grade |
34 | Peer-to-Peer file sharing grade |
35 | Open port grade |
36 | Number of security policies & standards that have been fully implemented and adopted |
37 | Number of exceptions for compliance with policy and procedure by IT, etc. |
38 | Compliance with industry regulations and other legal requirements an organization |
39 | Patching frequency |
40 | Patch policy compliance |
41 | Mean time between security patch release and implementation. |
42 | Risk assessment scoring |
43 | Disaster recovery test results |
44 | Value of the security investment, either in people, processes, or technologies |