Useful KPIs for a Security Operation Center (SOC)

No.  KPI
1  Percentage of phishing emails opened by end users
2  Number of phishing emails reported by end users
3  Number of intrusion attempts
4  Percentage of systems covered by backup, and backup frequency
5  Successful backups and resolution of backup issues
6  Number of change requests and changes made
7  Number of unauthorized changes
8  Percentage of outages due to changes (planned unavailability)
9  Percentage of outages due to incidents (unplanned unavailability)
10 Outages resulting from attacks (e.g. DDoS, ransomware, insider activity)
11 Security awareness training completion rate
12 Effectiveness of the training program (is there a reduction in incidents as a result of the training?)
13 Average password strength for IT systems
14 Number of unidentified devices on the network
15 Device inventory and health
16 Percentage of systems covered by monitoring and response
17 Percentage of internet syslog events collected
18 Number of lost or stolen corporate devices
19 Number of new threats identified in the enterprise
20 Number of network probing attempts
21 Defense effectiveness rate
22 Vulnerabilities by criticality/severity/priority rating
23 Vulnerability aging (time since a finding was first seen)
24 Number of known vulnerabilities on externally facing systems
25 Number of known vulnerabilities on internal systems
26 Attack and threat frequency
27 Virus infection activity (real-time notification)
28 Mean time to detect incidents
29 Mean time to resolve incidents
30 Project completion metrics for new tools or services
31 Virus/malware metrics
32 Number of cybersecurity incidents reported by end users to the IT team
33 Botnet sharing grade
34 Peer-to-peer file sharing grade
35 Open port grade
36 Number of security policies and standards that have been fully implemented and adopted
37 Number of exceptions granted to policy and procedure compliance (by IT, etc.)
38 Compliance with industry regulations and other legal requirements applicable to the organization
39 Patching frequency
40 Patch policy compliance
41 Mean time between security patch release and implementation
42 Risk assessment scoring
43 Disaster recovery test results
44 Value of the security investment, whether in people, processes, or technologies
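Several of the KPIs above (mean time to detect, mean time to resolve, vulnerability aging, open vulnerabilities on externally facing systems, patch-release-to-implementation lag, and patch policy compliance) are straightforward to compute once incident and vulnerability records carry the right timestamps. The following is an added example, not part of the original list: it computes those figures from a few constructed incident and vulnerability records. The record fields, the identifiers (INC-1, V-1, ...), the reference date and the per-severity SLA thresholds are all assumptions made for the illustration.

```python
"""Compute a handful of SOC KPIs (MTTD, MTTR, vulnerability aging, patch lag,
external exposure, SLA breaches) from constructed incident and vulnerability
records.  Added example; record layout, identifiers and SLA thresholds are
assumptions, not data from any real environment."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional


@dataclass
class Incident:
    ident: str
    occurred: datetime            # start of malicious activity, per forensics
    detected: datetime            # time the SOC raised the alert
    resolved: Optional[datetime]  # None while the incident is still open


@dataclass
class Vulnerability:
    ident: str
    severity: str                 # "critical" | "high" | "medium" | "low"
    first_seen: datetime          # first scanner observation on our asset
    patch_released: datetime      # vendor fix availability (baseline for KPI 41)
    remediated: Optional[datetime]
    external: bool                # True if the host is internet facing


# Constructed sample data (not real incidents or vulnerabilities).
NOW = datetime(2024, 3, 10)
INCIDENTS = [
    Incident("INC-1", datetime(2024, 3, 1, 8), datetime(2024, 3, 1, 10), datetime(2024, 3, 1, 16)),
    Incident("INC-2", datetime(2024, 3, 2, 0), datetime(2024, 3, 2, 12), datetime(2024, 3, 3, 0)),
    Incident("INC-3", datetime(2024, 3, 4, 9), datetime(2024, 3, 4, 10), None),
]
VULNS = [
    Vulnerability("V-1", "critical", datetime(2024, 2, 1), datetime(2024, 1, 25), datetime(2024, 2, 5), True),
    Vulnerability("V-2", "critical", datetime(2024, 2, 20), datetime(2024, 2, 18), None, True),
    Vulnerability("V-3", "high", datetime(2024, 3, 5), datetime(2024, 3, 1), None, False),
    Vulnerability("V-4", "low", datetime(2024, 1, 10), datetime(2024, 1, 5), datetime(2024, 3, 1), False),
    Vulnerability("V-5", "high", datetime(2024, 2, 25), datetime(2024, 2, 20), None, True),
]
# Assumed remediation SLA per severity, in days; tune to your own patch policy (KPI 40).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def hours(delta: timedelta) -> float:
    return delta.total_seconds() / 3600


def mttd_hours(incidents) -> float:
    """KPI 28: mean hours from start of activity to detection, over all incidents."""
    return mean(hours(i.detected - i.occurred) for i in incidents)


def mttr_hours(incidents) -> float:
    """KPI 29: mean hours from detection to resolution.  Only closed incidents
    have a resolution time, so open ones are excluded; always report
    open_incidents() beside this figure, otherwise a backlog of long-running
    cases hides behind a flattering average."""
    closed = [i for i in incidents if i.resolved is not None]
    return mean(hours(i.resolved - i.detected) for i in closed)


def open_incidents(incidents) -> list:
    return [i.ident for i in incidents if i.resolved is None]


def vuln_aging(vulns, now=NOW) -> dict:
    """KPIs 22/23: per severity, count and age in days of findings still open."""
    out = {}
    for v in vulns:
        if v.remediated is not None:
            continue
        age = (now - v.first_seen).days
        bucket = out.setdefault(v.severity, {"open": 0, "max_age_days": 0, "ages": []})
        bucket["open"] += 1
        bucket["max_age_days"] = max(bucket["max_age_days"], age)
        bucket["ages"].append(age)
    for b in out.values():
        b["mean_age_days"] = mean(b.pop("ages"))
    return out


def patch_lag_days(vulns) -> float:
    """KPI 41: mean days between vendor patch release and our remediation."""
    done = [v for v in vulns if v.remediated is not None]
    return mean((v.remediated - v.patch_released).days for v in done)


def external_open(vulns) -> list:
    """KPI 24: open findings on internet-facing hosts."""
    return [v.ident for v in vulns if v.external and v.remediated is None]


def sla_breaches(vulns, now=NOW, sla=SLA_DAYS) -> list:
    """KPI 40: open findings older than the assumed SLA for their severity."""
    return [v.ident for v in vulns
            if v.remediated is None and (now - v.first_seen).days > sla[v.severity]]


if __name__ == "__main__":
    print(f"MTTD {mttd_hours(INCIDENTS):.1f} h, MTTR {mttr_hours(INCIDENTS):.1f} h, "
          f"open incidents {open_incidents(INCIDENTS)}")
    print("aging by severity:", vuln_aging(VULNS))
    print(f"patch lag {patch_lag_days(VULNS):.1f} d, external open {external_open(VULNS)}, "
          f"SLA breaches {sla_breaches(VULNS)}")
```

Two design points matter more than the arithmetic. First, MTTD needs an "occurred" timestamp that comes from forensics, not from the alert; if you measure from first alert to triage you are measuring ticket-handling speed, not detection. Second, every mean over closed cases silently drops the open ones, so each average is paired with a count of what it excludes (open incidents, open findings past SLA); a SOC dashboard that shows only the averages will look healthier the longer its worst cases stay open.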