Security Metrics & KPIs
Measuring security effectiveness, reporting, and continuous improvement.
Overview
Metrics demonstrate security program value.
Key Metrics
| Metric | Target | Purpose |
|---|---|---|
| Mean Time to Detect | < 1 hour | Detection speed |
| Mean Time to Respond | < 4 hours | Response speed |
| Patch Coverage | > 95% | Vulnerability mgmt |
| Phishing Click Rate | < 5% | User awareness |
| Incident Rate | Decreasing | Overall security |
Operational Metrics
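```python
# Security metrics dashboard
# The count_*/calculate_*/get_* helpers are placeholders; each is expected
# to query your own data source.
metrics = {
    "vulnerabilities": {
        "critical": count_critical(),
        "high": count_high(),
        "medium": count_medium(),
        # Remediation time is a vulnerability metric and needs its own helper;
        # calculate_mttr() below is mean time to respond to incidents.
        "mean_time_to_remediate": calculate_mean_time_to_remediate()
    },
    "incidents": {
        "total": count_incidents(),
        "by_type": incidents_by_type(),
        "mean_time_to_detect": calculate_mttd(),
        "mean_time_to_respond": calculate_mttr()
    },
    "compliance": {
        "audit_score": get_audit_score(),
        "policy_exceptions": count_exceptions(),
        "training_completion": get_training_rate()
    }
}
```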
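The following is an added example, not code from the original page: it computes MTTD, MTTR, patch coverage and phishing click rate from raw records and checks them against the targets in the Key Metrics table. The incident records, the counts, the function names, and the definitions used (MTTD as occurrence to detection, MTTR as detection to response) are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean

# Targets from the Key Metrics table on this page.
TARGETS = {
    "mttd_hours": ("<", 1.0),
    "mttr_hours": ("<", 4.0),
    "patch_coverage_pct": (">", 95.0),
    "phishing_click_pct": ("<", 5.0),
}
# Constructed sample incidents: (occurred, detected, responded) timestamps.
INCIDENTS = [
    ("2024-01-09T02:10", "2024-01-09T02:40", "2024-01-09T05:40"),
    ("2024-02-14T13:00", "2024-02-14T14:00", "2024-02-14T16:30"),
    ("2024-03-03T22:15", "2024-03-03T23:00", None),  # still open
]

def hours_between(start, end):
    delta = datetime.fromisoformat(end) - datetime.fromisoformat(start)
    if delta < timedelta(0):  # bad source data would silently lower the mean
        raise ValueError(f"timestamps out of order: {start} > {end}")
    return delta.total_seconds() / 3600

def compute_metrics(incidents, patched, in_scope, clicked, phished):
    """Assumed definitions: MTTD = occurred->detected, MTTR = detected->responded."""
    detect = [hours_between(o, d) for o, d, _ in incidents if d]
    # Open incidents have no response time yet; exclude them and report them.
    respond = [hours_between(d, r) for _, d, r in incidents if d and r]
    return {
        "mttd_hours": round(mean(detect), 2) if detect else None,
        "mttr_hours": round(mean(respond), 2) if respond else None,
        "patch_coverage_pct": round(100 * patched / in_scope, 1),
        "phishing_click_pct": round(100 * clicked / phished, 1),
        "open_incidents": sum(1 for _, _, r in incidents if r is None),
    }

def evaluate(metrics, targets=TARGETS):
    """Return {metric: 'pass' | 'fail' | 'no data'} against each target."""
    result = {}
    for name, (op, limit) in targets.items():
        value = metrics.get(name)
        if value is None:
            result[name] = "no data"
            continue
        ok = value < limit if op == "<" else value > limit
        result[name] = "pass" if ok else "fail"
    return result

if __name__ == "__main__":
    print(evaluate(compute_metrics(INCIDENTS, 485, 500, 12, 200)))
```

Reporting the open-incident count next to MTTR matters because unresolved incidents are excluded from the mean and would otherwise make response time look better than it is.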
Reporting Dashboard
```python
# Executive report
def generate_executive_report():
    return {
        "period": "Q1 2024",
        "highlights": [
            "Reduced vulnerabilities by 30%",
            "Improved phishing resilience to 95%",
            "Achieved SOC 2 compliance"
        ],
        "metrics": {
            "incidents": 5,
            "mttd": "45 minutes",
            "mttr": "3.2 hours",
            "patch_coverage": "97%"
        },
        "risks": [
            "Legacy systems requiring upgrade",
            "Third-party vendor risk"
        ]
    }
```
KPI Categories
| Category | Metrics |
|---|---|
| Vulnerability | Count, age, remediation time |
| Incident | Count, type, severity, response time |
| Compliance | Audit scores, exceptions |
| Awareness | Training completion, phishing results |
| Availability | Uptime, recovery success |
Continuous Improvement
1. Measure → Collect data
2. Analyze → Identify trends
3. Report → Communicate findings
4. Act → Implement changes
5. Verify → Confirm improvements
Practice
Create a security metrics dashboard and executive report.