This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
What is practical difference between KPIs and Quality indicators?
#1
Hi all,

Could somebody provide insights on what is the practical difference between KPIs and Quality indicators? 
With some examples and references to methodological background if possible.

For me these terms are similar from practical perspective. For example, TTR (Time To React) is a KPI (which shows how well I am performing) as well as quality indicator for Security Incident Management service (show how well I am delivering service against agreed parameters (a quality means degree of compliance to the applicable requirements)).
Reply
#2
Hi Sigitas,

I suppose these indicator types will sometimes overlap. Some performance indicators will say something about the quality of a service. But not always. Consider the case of an managed security service provider. A performance indicator is created to measure if initial triage of alerts from the SIEM is sufficiently fast. This indicator will provide information on timely response, but says nothing about the quality of the triage. So, an additional quality indicator is introduced that measures the false positive rate after triage (incorrect triage). Together, these indicators provide information on both speed and accuracy of initial response and can be used to measure service quality.

Regards,
Rob.
Keep calm and share knowledge
Reply
#3
I had opportunity to dig bit deeper and found some interesting research, which could be lead to some interesting findings. So, sharing: https://www.researchgate.net/publication...s_A_Review
Reply
#4
(03-30-2020, 10:21 AM)sigitas.rokas Wrote: Hi all,

Could somebody provide insights on what is the practical difference between KPIs and Quality indicators? 
With some examples and references to methodological background if possible.

For me these terms are similar from practical perspective. For example, TTR (Time To React) is a KPI (which shows how well I am performing) as well as quality indicator for Security Incident Management service (show how well I am delivering service against agreed parameters (a quality means degree of compliance to the applicable requirements)).
Hi Sigitas,
Every element of a SOC is having metrics ... often we use play/run book swimlane diagrams to define KPIs for for instance use case request, response, hunting, analysis, log source acquisition etc. etc. ... as an example the KPIs for Intelligence Driven Response - could be "Ticket analysis time" - "validation time" - if intel response, then what controls apply - will that drive a rule change - so what is the time for that process - if not should that adjust the runbook - if yes, then the time for how long that takes. any update on the use-case side will be timed - and of course the opening to closing the ticket. These are just a few examples in one playbook type. 
Hope that make sense to some extend.
Kr, NEA
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)