Metrics and Indicators of Information Security Incident Management: A Systematic Mapping Study

The number of threats and vulnerabilities has increased rapidly in recent years. For this reason, organizations are in need of providing improvements in their computer security incident management (CSIM), in order to safeguard their intellectual capital. Therefore, the identification and use of both metrics and indicators are a crucial factor to manage security incidents. In this context, organizations try to improve their level of CSIM based on standards or only according to their criteria based on their experience. This article aims at carrying out a systematic mapping study of academic articles conducted in this research area, in order to present a document that describes metrics and indicators of security incidents in organizations. The results of this work show and describe several key indicators and metrics related to the cost, quality, and service (time) involved in dealing with such incidents. Also, it is expected that this study serves as a strategic reference for organizations.