CRA-5.8.14N

Licensees should establish metrics to measure the impact of a cyber incident and to report to management the performance of response activities. Examples include:

(a) Metrics to measure impact of a cyber incident:
(i) Duration of unavailability of critical functions and services;
(ii) Number of stolen records or affected accounts;
(iii) Volume of clients impacted;
(iv) Amount of lost revenue due to business downtime, including both existing and future business opportunities; and
(v) Percentage of service level agreements breached.
(b) Performance metrics for incident management:
(i) Volume of incidents detected and responded to via automation;
(ii) Dwell time (i.e. the duration from a threat actor's initial, undetected access until the actor has been completely removed from the environment); and
(iii) Recovery point objectives (RPO) and recovery time objectives (RTO) satisfied.
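The performance metrics in (b) only become comparable across incidents once each term is pinned to concrete timestamps: dwell time as defined here runs to complete removal, not merely to detection, so an incident still under remediation has no dwell time yet; RTO is met when the outage lasted no longer than the target; RPO is met when the data-loss window (outage start minus the restore point actually used) is within the target. The following script, added here as an illustration and not taken from the rule or from any licensee's tooling, computes those metrics over a small set of constructed incident records. The record layout, field names and sample incidents are assumptions made for the example.

```python
"""Compute the incident-management performance metrics listed in
CRA-5.8.14N(b) over incident records.  Added example: the Incident
record layout and the sample data below are assumptions, not part of
the rule text or any licensee's system."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Incident:
    incident_id: str
    initial_access: datetime           # earliest evidence of attacker access
    detected_at: datetime              # first alert or human discovery
    eradicated_at: Optional[datetime]  # None while the actor may still be present
    automated: bool                    # detected AND responded to by automation
    outage_start: datetime             # critical service unavailable from here
    service_restored: datetime         # critical service back in operation
    last_clean_restore_point: datetime # restore point actually used for recovery
    rto_target: timedelta
    rpo_target: timedelta


def dwell_time(inc: Incident) -> Optional[timedelta]:
    """Dwell time per the rule: initial access until complete removal.
    This is longer than time-to-detect.  An open incident has no dwell
    time yet, so return None instead of silently measuring to detection."""
    if inc.eradicated_at is None:
        return None
    return inc.eradicated_at - inc.initial_access


def time_to_detect(inc: Incident) -> timedelta:
    """Kept separate so it is never confused with dwell time."""
    return inc.detected_at - inc.initial_access


def rto_met(inc: Incident) -> bool:
    """RTO satisfied when the outage lasted no longer than the target."""
    return inc.service_restored - inc.outage_start <= inc.rto_target


def rpo_met(inc: Incident) -> bool:
    """RPO satisfied when the data-loss window is within the target."""
    return inc.outage_start - inc.last_clean_restore_point <= inc.rpo_target


def summarize(incidents: list[Incident]) -> dict:
    """Aggregate the (b) metrics for management reporting."""
    n = len(incidents)
    closed = [i for i in incidents if i.eradicated_at is not None]
    dwell_hours = [dwell_time(i).total_seconds() / 3600 for i in closed]
    pct = lambda k: 100.0 * k / n if n else 0.0
    return {
        "incidents": n,
        "open_incidents": n - len(closed),          # reported, not counted as zero dwell
        "automated_pct": pct(sum(i.automated for i in incidents)),
        "median_dwell_hours": median(dwell_hours) if dwell_hours else None,
        "max_dwell_hours": max(dwell_hours) if dwell_hours else None,
        "rto_met_pct": pct(sum(rto_met(i) for i in incidents)),
        "rpo_met_pct": pct(sum(rpo_met(i) for i in incidents)),
    }


# Constructed sample incidents (not real data).
T = datetime(2024, 3, 1, 0, 0)
H = timedelta(hours=1)
SAMPLE_INCIDENTS = [
    # Phishing -> credential theft; caught by EDR and contained by SOAR.
    Incident("INC-001", T, T + 2 * H, T + 6 * H, True,
             T + 2 * H, T + 3 * H, T + 1 * H, 4 * H, 2 * H),
    # Web shell present for ten days before a human found it; restore missed RPO.
    Incident("INC-002", T, T + 240 * H, T + 260 * H, False,
             T + 240 * H, T + 250 * H, T + 200 * H, 8 * H, 24 * H),
    # Still under remediation: no dwell time yet.
    Incident("INC-003", T, T + 5 * H, None, True,
             T + 5 * H, T + 6 * H, T + 4 * H, 2 * H, 2 * H),
]

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
```

Reporting open incidents as a separate count, rather than folding them into the dwell-time figure, avoids the common mistake of quoting a flattering median while a long-running intrusion is still being remediated.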
Added: April 2023