Security Incident Management Premium dashboard

  • Release version: Yokohama
  • Updated January 30, 2025

    This dashboard uses advanced Platform Analytics visualizations to help security managers track the volume, performance, and progress of security incidents from initial detection and analysis through containment, eradication, and recovery. The licensed version of Performance Analytics is therefore required.

    Figure 1. Security incident response by state
    The Process by State tab of the Security Incident Management Premium dashboard
    Figure 2. Security incident response by age
    Workbench widget showing key security incident indicators broken down by age

    End users and roles

    Security Response Manager
      • Goal: Needs clear visibility into the overall state and volume of security incidents associated with applications and services.
      • Required role: sn_si.manager
      • Benefits: Can review the overall security posture with the ability to adjust the members of assignment groups.
    Security Response Administrator
      • Goal: Needs to pinpoint areas of concern quickly and have full control over all Security Incident Response data while administering territories and skills, as needed.
      • Required role: sn_si.admin
      • Benefits: Can adjust risk calculation parameters to ensure vulnerable items that are most pertinent to the organization are being addressed first.
    Security Response Analysts
      • Goal: Need to quickly prioritize which vulnerabilities to focus on based upon criticality to the organization.
      • Required role: sn_si.analyst
      • Benefits: Tier 1 and 2 security analysts work on security incidents. They can create and update security incidents, requests, and tasks, as well as problems, changes, and outages related to their incidents.

    Security Incident Management Premium indicators

    The Process by State and Process by Age tabs contain workbench widgets with the following indicators:
    Average age
    The Average age of open security incidents indicator uses the formula [[Summed age of open security incidents]] / [[Number of open security incidents]] / 24 to give a result in days.
    Average reassignment times
    The Average re-assignment of open security incidents indicator uses the formula [[Summed re-assignment of open security incidents]] / [[Number of open security incidents]].
    Average age of last update
    The Average age of last update of open security incidents indicator uses the formula [[Summed age of last update of open security incidents]] / [[Number of open security incidents]] / 24 to give a result in days.
    % not updated in 5 days
    The % of open security incidents not updated in last 5 days indicator uses the formula ( [[Number of open security incidents not updated in the last 5 days]] / [[Number of open security incidents]] ) * 100.
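
    The four formulas above, recomputed over exported incident records so that a dashboard value can be cross-checked. This is an added example, not ServiceNow code: the record field names (active, openedAt, updatedAt, reassignmentCount) and the sample records are assumptions constructed for illustration, and summed ages are taken to be in hours because the formulas divide by 24 to reach days.

```javascript
// Added example: recomputes the Process tab indicators from exported records.
// Field names are hypothetical, not ServiceNow column names.
const HOUR_MS = 3600 * 1000;

function hoursBetween(from, to) {
  return (to.getTime() - from.getTime()) / HOUR_MS;
}

function processIndicators(incidents, now) {
  const open = incidents.filter((i) => i.active);
  const n = open.length;
  if (n === 0) {
    // No open incidents: every ratio would divide by zero, so report nulls.
    return { openCount: 0, avgAgeDays: null, avgReassignments: null,
             avgLastUpdateDays: null, pctNotUpdated5d: null };
  }
  let summedAgeH = 0, summedReassign = 0, summedLastUpdateH = 0, stale = 0;
  for (const i of open) {
    const sinceUpdateH = hoursBetween(new Date(i.updatedAt), now);
    summedAgeH += hoursBetween(new Date(i.openedAt), now);
    summedReassign += i.reassignmentCount;
    summedLastUpdateH += sinceUpdateH;
    // Assumption: "not updated in the last 5 days" means more than 120 hours.
    if (sinceUpdateH > 5 * 24) stale += 1;
  }
  return {
    openCount: n,
    avgAgeDays: summedAgeH / n / 24,               // summed age / count / 24
    avgReassignments: summedReassign / n,          // summed re-assignment / count
    avgLastUpdateDays: summedLastUpdateH / n / 24, // summed last-update age / count / 24
    pctNotUpdated5d: (stale / n) * 100,            // (stale / count) * 100
  };
}

// Constructed sample records: four open incidents and one closed one.
const SAMPLE_NOW = new Date("2025-01-30T00:00:00Z");
const SAMPLE = [
  { active: true, openedAt: "2025-01-20T00:00:00Z", updatedAt: "2025-01-29T00:00:00Z", reassignmentCount: 2 },
  { active: true, openedAt: "2025-01-10T00:00:00Z", updatedAt: "2025-01-22T00:00:00Z", reassignmentCount: 0 },
  { active: true, openedAt: "2025-01-24T00:00:00Z", updatedAt: "2025-01-27T00:00:00Z", reassignmentCount: 1 },
  { active: true, openedAt: "2025-01-26T00:00:00Z", updatedAt: "2025-01-26T00:00:00Z", reassignmentCount: 1 },
  { active: false, openedAt: "2024-12-01T00:00:00Z", updatedAt: "2024-12-05T00:00:00Z", reassignmentCount: 4 },
];

console.log(processIndicators(SAMPLE, SAMPLE_NOW));
```

    The closed record is excluded from every denominator, which is the usual reason a hand-computed average disagrees with the dashboard.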

    The Data Quality tab has interactive filters for the Category of the security incident and the levels of Risk, Priority, and Severity. These filters are applied simultaneously to the following indicators:
    Security Incidents Open for More Than 30 Days by Assignment Group and State
    The Number of open security incidents indicator, filtered for an age of more than 30 days and broken down by Assignment group and State.

    Heatmap widget of security incidents open more than 30 days with the Assignment Group and State level 1 and 2 breakdowns

    Security Incidents With Assignee That is not Active
    The Number of open security incidents with no assignee or an assignee who is not active.
    Security Incidents Open for More Than 30 Days by Assignment Group and State
    The Number of open security incidents not updated in the last 30 days indicator broken down by Assignment group and State.

    The KPI tab has the following additional indicators:
    • % of new critical security incidents
    • Average Age of Open Security Incidents
    • Average Close Time of Security Incidents
    • % Of Security Incidents that have been reassigned
    • % of Security Incidents closed on first assignment
    • % of security incidents closed by self-service
    • % of security incidents not solved
    • Average Close time of security incident tasks

    Breakdowns

    The following breakdowns apply to the indicators on the dashboard:
    • Security Group
    • Security Incident Age
    • Security Incident Category
    • Security Incident Priority
    • Security Incident State