OM-5.5.44
1. Metrics to measure impact of a cyber incident:
(a) Duration of unavailability of critical functions and services;
(b) Number of stolen records or affected accounts;
(c) Volume of customers impacted;
(d) Amount of lost revenue due to business downtime, including both existing and future business opportunities;
(e) Percentage of service level agreements breached.
2. Performance metrics for incident management:
(a) Volume of incidents detected and responded via automation;
(b) Dwell time (i.e. the duration a threat actor has undetected access until completely removed);
(c) Recovery Point objectives (RPO) and recovery time objectives (RTO) satisfied.
Added: July 2021