The Top 6 Questions to Identify Security-Response Bottlenecks

6-questions-to-ask

Ultimately, every security professional’s goal is to ensure the best possible security outcomes. We believe that there is a single metric that has a positive effect on improving performance and in turn, security outcomes: response time. The time it takes between an event being raised to an operator acting can make all the difference in critical situations.

In order to improve response time, you first need to know where bottlenecks are occurring. Typically, bottlenecks occur either in operations, meaning the slowdown is due to an inefficient process or procedure, or are caused by technology, meaning overwhelming amounts of data are stored in multiple different systems.

To make it easy to improve efficiency, we’ve selected the top six questions to ask about your operations and systems in order to identify these bottlenecks and mitigate their impact on response time.

  1. Do you have an accurate measure of the efficacy of your security operation?
    With alarms and events coming from multiple different systems can you quickly and effectively identify the bottlenecks in our operation? The management thinker Peter Drucker famously said, “If you can’t measure it, you can’t improve it.” Having data at hand allows managers to understand the cause and timing of peak alarm traffic, and adjust staffing levels accordingly.

  2. Are processes standardized, documented, and actionable?
    Your security procedures not only need to be documented, but readily accessible and easy to understand. A manual or binder under the desk isn’t going to be very useful when every second counts. If an event occurs and an operator doesn’t have easy access to an action plan, they’re going to rely on instinct or spend too much time finding instructions before they can respond.

  3. How many false alarms are we experiencing?
    False alarms can reduce response time and effectiveness. By not identifying and remediating false alarms, operators risk missing a real event buried in a pile of alarms. The genuine alarm gets neither the attention nor speed of response that is required. Too many false alarms may indicate faulty equipment, or a recurring false positive that can create notification apathy among operators. The risk is that they may tune out a critical notification thinking it’s just another false positive.

  4. How are alarms prioritized?
    Ensuring that alarms are consistently prioritized across systems is critical for ensuring a reliable response. Prioritizing events not only helps to rapidly order the alarm list, it also helps group similar events and then route traffic to appropriate operator groups. Additionally, consistent prioritization provides the ability to develop more sophisticated internal response SLA’s and escalation policies.

  5. Are we presenting alarms that do not require operator action?
    If an alarm doesn’t require any operator action, look to automation. Automation can eliminate the necessity for an operator response to events that are repetitive, do not cause an active threat, and therefore do not need operator decision-making. Too many of these alerts are distracting and lead to missed events or slower response.

  6. Are we centralizing our alarms, systems, and processes into one central view?
    Different systems don’t have to mean multiple tabs, windows, and screens. In order to streamline response time, take steps to integrate your security systems and operating procedures. Having everything in one place is critical during an event. A single interface is similar to an emergency ‘to-go’ bag. You’ve planned for it, you know what’s in there, it’s all accessible, and you’re ready to roll. With the answers to these questions in hand, you’ll now begin to see the full picture and impacts of bottlenecks in your organization. Once you’re aware of where the problems are, you’re ready to begin improving performance.

Contact us at Sureview to learn how ImmixCC can help reduce your response time and radically improve command center efficiency.

Next Post