Question: Are incident-response metrics, dashboards, and trends reviewed by management to guide investments and improvements?
Why This Matters
Metrics transform IR from reactive firefighting into measurable performance. Management visibility drives accountability and budget support.
Maturity
0 — Unaware
No metrics or reporting.
1 — Ad Hoc
Basic counts of incidents shared informally.
2 — Defined
Standard metrics collected monthly.
3 — Managed
Dashboard reviewed in governance meetings.
4 — Integrated
KPIs aligned with risk register and objectives.
5 — Optimized
Predictive analytics guide staffing and investment.
How to Level Up
| From → To | Actions |
|---|---|
| 0 → 1 | Track the number of incidents per month, by severity. |
| 1 → 2 | Add mean time to acknowledge (MTTA), mean time to resolve (MTTR) and closure rates; define each once (e.g. whether MTTR ends at containment or at recovery) and keep the definition stable so trends stay comparable. |
| 2 → 3 | Create a dashboard and review it monthly in a governance meeting, recording decisions and action items. |
| 3 → 4 | Link metrics to risk and budget plans. |
| 4 → 5 | Apply trend forecasting for resourcing. |
Enablers
- People: IR Lead, CISO, Risk Committee
- Process: Monthly metric review cycle
- Technology: Dashboard tool (Grafana, Metabase), data ETL
Evidence
- Metric dashboard screenshots
- Review meeting minutes
- Action items and tracking
KPIs
- Percentage of incidents closed within their SLA target (not only the raw count)
- Mean time to acknowledge and mean time to resolve/recover, per severity
- Percentage of post-incident action items closed per review cycle
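The following is an added example, not part of the original page, showing how the KPIs above (and the MTTA/MTTR/closure-rate and trend-forecasting steps of the level-up table) can be computed from a ticket export before they reach the dashboard. The SLA targets, field layout, sample tickets and monthly counts are constructed assumptions for illustration. The on-time rate deliberately counts open tickets that are already past their SLA, so an unworked backlog cannot flatter the number.

```python
"""IR KPIs from a ticket export (added example; all data constructed)."""
from dataclasses import dataclass
from datetime import datetime
from statistics import mean
from typing import Optional

# Assumed SLA targets in hours from creation to closure, per severity.
SLA_HOURS = {"high": 24, "medium": 72, "low": 168}
HOUR = 3600.0


@dataclass
class Incident:
    id: str
    severity: str
    created: datetime
    acknowledged: Optional[datetime]  # None = not yet acknowledged
    resolved: Optional[datetime]      # None = still open


def _ts(s):
    return datetime.fromisoformat(s) if s else None


def load(rows):
    """Build Incident objects from (id, severity, created, ack, resolved) tuples."""
    return [Incident(i, sev, _ts(c), _ts(a), _ts(r)) for i, sev, c, a, r in rows]


# Constructed sample export (UTC ISO-8601); not real incident data.
SAMPLE_TICKETS = load([
    ("INC-1", "high",   "2024-03-01T08:00:00", "2024-03-01T08:30:00", "2024-03-01T20:00:00"),
    ("INC-2", "medium", "2024-03-02T09:00:00", "2024-03-02T10:00:00", "2024-03-06T09:00:00"),
    ("INC-3", "low",    "2024-03-03T00:00:00", "2024-03-03T02:30:00", "2024-03-05T00:00:00"),
    ("INC-4", "high",   "2024-03-10T12:00:00", None,                  None),
    ("INC-5", "medium", "2024-03-11T08:00:00", "2024-03-11T09:00:00", None),
])
AS_OF = datetime.fromisoformat("2024-03-12T12:00:00")  # assumed report time
SAMPLE_MONTHLY = [6, 9, 8, 13]  # constructed incident counts, oldest first
SAMPLE_ACTIONS = [("ACT-1", "closed"), ("ACT-2", "closed"),
                  ("ACT-3", "open"), ("ACT-4", "closed")]


def mtta_hours(incidents):
    """Mean time to acknowledge, over incidents that have been acknowledged."""
    d = [(i.acknowledged - i.created).total_seconds() / HOUR for i in incidents if i.acknowledged]
    return mean(d) if d else None


def mttr_hours(incidents):
    """Mean time to resolve (creation to closure), over closed incidents only."""
    d = [(i.resolved - i.created).total_seconds() / HOUR for i in incidents if i.resolved]
    return mean(d) if d else None


def on_time_closure_rate(incidents, now, sla=SLA_HOURS):
    """Share of incidents closed within SLA. Open tickets already past their
    SLA as of `now` are counted as misses, so a backlog cannot inflate the rate."""
    on_time = counted = 0
    for i in incidents:
        limit = sla[i.severity]
        if i.resolved:
            counted += 1
            if (i.resolved - i.created).total_seconds() / HOUR <= limit:
                on_time += 1
        elif (now - i.created).total_seconds() / HOUR > limit:
            counted += 1  # open and overdue: a miss, not an omission
    return on_time / counted if counted else None


def action_closure_rate(actions):
    """Fraction of (action_id, status) items whose status is 'closed'."""
    return sum(s == "closed" for _, s in actions) / len(actions) if actions else None


def forecast_linear(monthly_counts, periods_ahead=1):
    """Least-squares line through monthly counts, projected `periods_ahead`
    months out. A simple trend model to size a staffing ask, not a seasonal one."""
    n = len(monthly_counts)
    if n < 2:
        raise ValueError("need at least two months of data")
    xs = range(n)
    mx, my = mean(xs), mean(monthly_counts)
    slope = sum((x - mx) * (y - my) for x, y in zip(xs, monthly_counts)) / sum((x - mx) ** 2 for x in xs)
    intercept = my - slope * mx
    return [max(0.0, intercept + slope * (n + k)) for k in range(periods_ahead)]


if __name__ == "__main__":
    print("MTTA (h):", mtta_hours(SAMPLE_TICKETS))
    print("MTTR (h):", mttr_hours(SAMPLE_TICKETS))
    print("On-time closure:", on_time_closure_rate(SAMPLE_TICKETS, AS_OF))
    print("Action closure:", action_closure_rate(SAMPLE_ACTIONS))
    print("Next two months:", forecast_linear(SAMPLE_MONTHLY, 2))
```

With the constructed data the script reports MTTA 1.25 h, MTTR 52 h, an on-time closure rate of 50% (two on-time closures, one late closure, one open ticket already past its 24 h target) and a projected 14 then 16 incidents for the next two months. Feed the same functions from the ticket ETL in the Enablers section and the dashboard shows figures a reviewer can reproduce.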
Low-Cost / Open-Source Options (MSME)
| Purpose | Tool | Notes |
|---|---|---|
| Dashboarding | Metabase / Grafana | Automated KPIs |
| ETL | n8n / Airbyte | Pull data from tickets |
| Tracking | Airtable / Notion | Action register |
Common Pitfalls
- Collecting metrics without analysis or follow-up actions
- Dashboards not shared with management, or shared without a decision record
- KPIs not tied to risk goals
- Averages computed only over closed tickets, which hide the open backlog and flatter MTTR
- Changing metric definitions between cycles, which breaks trend comparison
Compliance Mapping
| Standard | Clauses / Notes |
|---|---|
| ISO/IEC 27001:2022 | Clause 9.1 (monitoring, measurement, analysis and evaluation), 9.3 (management review), Clause 10 (improvement) |
| CERT-In 2022 | Section 37 (Metric Reporting) |
| DPDP Act 2023 | Sec 10 (Accountability) |
| NIST CSF 2.0 | GV.OV (Oversight), ID.IM (Improvement) |
| NIRMATA Mapping | IR-Q11 provides management oversight and trend evidence. |