1 hour 4 minutes
In this lesson, we'll talk about defining deadlines in relation to incident severity,
creating SLAs, or service level agreements,
and meeting and reporting on performance against SLAs.
When a severity one incident is declared, in what time frame does the incident need to be resolved?
The answer is it depends and it will differ for each organization.
Case management requires that expected time to resolution for each level of incident be defined and understood by all stakeholders.
If a severity one incident has no defined resolution time, there is no way for practitioners to know by when they need to fix an issue.
SLAs, or service level agreements, are commitments to specified performance indicators.
For example, an SLA for a priority one incident may be an agreement to have incidents of this level resolved within one hour of being reported.
So a priority two incident may have an agreed time to resolution of four hours.
An example matrix for SLAs is shown here.
Having well-defined and agreed-upon metrics for the resolution of cases is useful in terms of having events and incidents remediated in a timely manner.
Statistics such as mean time to resolution (MTTR), among others, should be recorded for each case so that analysis can be performed and performance against SLAs is measured to determine where there may be room for improvement in the case management process.
What is MTTR?
MTTR is mean time to resolution, which is an important metric in enterprise security case management.
In this lesson, we covered defining deadlines in relation to incident severity,
creating SLAs, or service level agreements, as well as meeting and reporting on performance against SLAs.
Enterprise Security Case Management
In this online course about Enterprise Security Case Management, you will learn about tools and techniques which help cybersecurity practitioners manage evidence and related case data to preserve their integrity.