I track what the sources of incidents are, so that if we see an increase in malware incidents resulting from phishing attacks, we can revisit our phishing defense strategy. I track the difference in time between when an analyst starts working on an incident compared to when the incident actually occurs. This is key to identifying how long it takes to respond to an incident. If it's taking too long, then that poses a serious risk to the organization.
I created the SharePoint list so that the data entry is simple and doesn't take more than a few minutes per incident to complete. I use lots of pull-down menus and checkboxes and I try to minimize the number of free-form text boxes. What's nice about SharePoint lists is that I can easily export the list to an Excel spreadsheet and create pivot charts that represent the various metrics I use to measure both the effectiveness of the security operations function and various trends within the enterprise. Once I create the pivot charts, I simply update the table to obtain the most current data. Once I have the pivot charts looking pretty, I simply copy and paste them into a PowerPoint slide presentation or make them available on our CIO dashboard.
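The two metrics described above, computed from an exported list, as an added example that is not the author's own tooling. It assumes the list was saved as CSV; the column names, the sample rows and the 2x month-over-month threshold are all constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from datetime import datetime
from statistics import median

# Constructed sample rows; the column names are assumptions, not the author's list schema.
SAMPLE_EXPORT = """IncidentID,Source,Occurred,WorkStarted
1001,Phishing,2024-03-04 09:15,2024-03-04 10:00
1002,Web download,2024-03-11 14:00,2024-03-11 14:30
1003,Phishing,2024-04-02 08:00,2024-04-02 12:00
1004,Phishing,2024-04-09 16:20,2024-04-10 09:20
1005,Removable media,2024-04-15 11:00,2024-04-15 11:45
1006,Phishing,2024-04-22 13:00,2024-04-22 13:30
1007,Phishing,2024-04-25 10:00,2024-04-24 10:00
"""
FMT = "%Y-%m-%d %H:%M"

def load_incidents(text):
    """Parse the export; return (valid rows, IDs rejected for impossible timestamps)."""
    rows, rejected = [], []
    for r in csv.DictReader(io.StringIO(text)):
        occurred = datetime.strptime(r["Occurred"], FMT)
        started = datetime.strptime(r["WorkStarted"], FMT)
        if started < occurred:  # data-entry error: work cannot start before the incident
            rejected.append(r["IncidentID"])
            continue
        delay_h = (started - occurred).total_seconds() / 3600
        rows.append((occurred.strftime("%Y-%m"), r["Source"], delay_h))
    return rows, rejected

def median_delay_by_source(rows):
    """Median hours between occurrence and analyst start, per incident source."""
    delays = defaultdict(list)
    for _month, source, delay_h in rows:
        delays[source].append(delay_h)
    return {s: median(d) for s, d in delays.items()}

def rising_sources(rows, prev_month, cur_month, factor=2.0):
    """Sources whose count in cur_month is at least factor x the prev_month count."""
    counts = Counter((m, s) for m, s, _ in rows)
    sources = {s for _, s, _ in rows}
    return sorted(s for s in sources
                  if counts[(cur_month, s)] >= factor * max(counts[(prev_month, s)], 1))

if __name__ == "__main__":
    rows, rejected = load_incidents(SAMPLE_EXPORT)
    print("rejected:", rejected)
    print("median delay (h):", median_delay_by_source(rows))
    print("rising:", rising_sources(rows, "2024-03", "2024-04"))
```

The median is used rather than the mean so that a single incident left overnight does not mask how quickly most incidents are picked up.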