Security Incident Response (SIR)
Adoption Journey
Outcomes & Metrics
Modernize
Transform
Innovate
Maturity Level 1: Modernize
Consumer
Phase
Capabilities
Value
Security Analysts, CSO, CISO, Security Operations, IT Operations
Unify Response
Faster Security Response
Security Incidents
Reporting & Dashboards
Outcomes
Metrics
- Automated Prioritization
- Automated Assignment
- Single System of record/action
- Improved visibility
- Increased productivity
- Monitor/Manage operations
- # of SIEM Ingestion Integrations
- # of Security Incident Response/SIT opened and closed
- Review work notes
- Inspect assessment rules
- # of trained analysts & login frequency
- Dedicated admin and manager?
- # of inbound email security incidents
Maturity Level 3: Innovate
Consumer
Phase
Capabilities
Value
Security Analysts, CSO, CISO, Security Operations, IT Operations
Intelligent Automation
Enterprise Protection
Threat Sharing
Automated Remediation
Outcomes
Metrics
- Greatly reduce manual effort
- Orchestrate 80% of tools in inf.
- Integrate with new tools easily
- Continual Process Improvement
- Advanced Threat Hunting
- % of Workflows automated
- # of configured capability impls.
- # of SLA results – making it or not
- Measuring MTTI/MTTR, trending
- # of custom integrations
- # of incidents closed per analyst
Maturity Level 2: Transform
Consumer
Phase
Capabilities
Value
Security Analysts, CSO, CISO, Security Operations, IT Operations
Business Integration
Improved Situational Awareness
Reporting & Dashboards
Outcomes
Metrics
- Consistent & partially automated processes
- Accelerated response
- Improved Decision Making
- Increased Productivity
- # threat intel enhancements
- # of workflow versions/contexts
- # of configured capability impls.
- # of integration executions
- # of SLA results – making it or not
- # of incidents closed and trend
Int. with Incident, Problem & Change
Risk & Impact Awareness
Business Prioritization
Maturity Level 1
Maturity Level 2
Maturity Level 3