SEF-05: Incident Response Metrics

CSF v1.1 References:

Previous Version:

Control Statement

Establish and monitor information security incident metrics.

Implementation Guidance

Organizations should define, implement and monitor metrics associated with events and incidents to detect any weaknesses in the operational processes or technical controls which support effective incident management. Metrics may quantify:

  1. Volume of events and ratio of events to incidents.
  2. Incidents by type, product, department, severity, etc.
  3. Timeliness of procedural execution for identification, investigation, and resolution.
  4. Variances from documented procedures.

Auditing Guidance

  1. Verify that metrics have been established to measure information security incidents.
  2. Verify that metrics together demonstrate the efficacy, effectiveness and success of the information security incident response plan to address incidents as they happen.
  3. Verify that the metrics are measured and reported to stakeholders.

[Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Controls Matrix is Copyright 2023 Cloud Security Alliance.