Your SOC Metrics Aren't Measuring Security
Keeping the status quo was a mistake. I was building a SOC, in-housing all the outsourced capabilities from a Managed Security Services Provider (MSSP), and I had been asked to provide some specific metrics for an internal governance board. The same metrics the MSSP had been reporting. I provided them without questioning whether they were still appropriate, or whether they’d be the right ones for us going forward. They were not. ...