Measuring Metrics in Incident Response

In today's cybersecurity landscape, Incident Response plays a critical role in mitigating the impact of increasingly sophisticated cyber-attacks. To measure the effectiveness of Incident Response, organizations deploy several metrics. However, these metrics often face limitations and challenges which will be covered in this study. The contribution of this paper is to identify some metrics that have been well-defined and explain their method of measurement, and any challenges associated with them. The goal is to serve as an educational resource for analysts or beginners to better understand how these metrics function. This will be done by using academic literature and real-world reports to extract well-known metrics. Additionally, this study will develop a prototype of a Security Information and Event Manager (SIEM) to demonstrate how different scenarios can impact the measurement of a metric.