Reporting

From Socology.org - The Study of Security Operations
Revision as of 04:56, 17 October 2018 by Frankangiolelli (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Reporting is how the Security Operations Center collects information that translates value, measures KPIs that determine success criteria and identify challenges and roadblocks.

Reporting can also be used for performance metrics.

Merriam-Webster defines a report as[1]:

  a : a usually detailed account or statement
  b : an account or statement of a judicial opinion or decision
  c : a usually formal record of the proceedings of a meeting or session

Questions for Success

  • What metrics will identify, at a management level, whether the SOC is maintaining its expected performance?
  • What metrics will identify where any gaps are occurring and potentially why?
  • What metrics would translate to the business?
  • How can performance be measured in a consistent way?
  • What metrics identify compliance?

From experience, time based metrics - e.g. line chart showing the value over time - provides good visibility into issues.