Talk B-2: How to measure Efficiency in Security Operations

Definition of the term “security operations” can vary widely between different organizations. For some, it may only mean “security monitoring”, while for others it may encompass everything from proactive detection of threats to incident response and vulnerability management. No matter the specific scope, many modern organizations have dedicated specialists or teams in place to deal with what they consider to be “security operations”.

Significant number of these organizations, however, lack any formal processes or mechanisms to verify whether security operations in their environment function efficiently and effectively. In such cases, it is surprisingly easy for a SOC, CSIRT, or any other relevant team, to become a proverbial “black box”, which might – or might not – function as the organization initially intended it to.

In this talk, we will explore various methodologies and approaches, which organizations may use to assess and measure the efficiency of different elements of their security operations programs. Furthermore, we will discuss how these tools may help organizations not just to avoid the aforementioned “black box” scenario, but also to develop an improvement roadmap for a security operations team or program.