SOC METRICS
Typical SOC metrics for demonstrating the SOC's value to business decision makers include:
- The mean time to detect (TTD) an incident after its occurrence
- The mean time to contain the incident after its detection
- The mean time to mitigate the incident after its containment
- The number of incidents being detected, contained, and mitigated
- The percentage of the discovered incidents found using the plays in the SOC playbook
- The number of new plays added to the SOC playbook
- The number of zero-day attack detections
- The false positive or true positive detection rate
- The operational cost of running the SOC
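
The timing and count metrics above can be computed directly from incident records. The following is an added example, not part of the original page; the record fields, incident IDs, play names and timestamps are constructed for illustration. Incidents that have not yet reached a stage are left out of that stage's mean rather than counted as zero.

```python
from datetime import datetime
from statistics import mean

# Constructed sample incident records (not real data). None = stage not reached yet.
INCIDENTS = [
    {"id": "INC-1", "occurred": "2024-03-01T08:00", "detected": "2024-03-01T10:00",
     "contained": "2024-03-01T11:00", "mitigated": "2024-03-01T15:00", "play": "PLAY-07"},
    {"id": "INC-2", "occurred": "2024-03-02T00:00", "detected": "2024-03-02T06:00",
     "contained": "2024-03-02T09:00", "mitigated": None, "play": None},
    {"id": "INC-3", "occurred": "2024-03-03T12:00", "detected": "2024-03-03T13:00",
     "contained": None, "mitigated": None, "play": "PLAY-02"},
]

def _ts(value):
    """Parse an ISO timestamp, passing None through for stages not reached."""
    return datetime.fromisoformat(value) if value else None

def mean_hours(incidents, start_key, end_key):
    """Mean elapsed hours between two stages, skipping incidents missing either."""
    deltas = []
    for inc in incidents:
        start, end = _ts(inc[start_key]), _ts(inc[end_key])
        if start is None or end is None:
            continue  # open incident: exclude instead of skewing the mean
        if end < start:
            raise ValueError(f"{inc['id']}: {end_key} precedes {start_key}")
        deltas.append((end - start).total_seconds() / 3600)
    return mean(deltas) if deltas else None

def soc_metrics(incidents):
    """Compute the timing, count and playbook-coverage metrics for a reporting period."""
    detected = [i for i in incidents if i["detected"]]
    by_play = [i for i in detected if i["play"]]
    return {
        "mean_ttd_h": mean_hours(incidents, "occurred", "detected"),
        "mean_ttc_h": mean_hours(incidents, "detected", "contained"),
        "mean_ttm_h": mean_hours(incidents, "contained", "mitigated"),
        "detected": len(detected),
        "contained": sum(1 for i in incidents if i["contained"]),
        "mitigated": sum(1 for i in incidents if i["mitigated"]),
        "pct_found_by_play": 100 * len(by_play) / len(detected) if detected else None,
    }

if __name__ == "__main__":
    for name, value in soc_metrics(INCIDENTS).items():
        print(f"{name}: {value}")
```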