The metric that measures how quickly something is detected/identified is Mean Time to Detect (MTTD). Although MTTD is often used in incident detection, it directly matches the wording “how quickly … are identified” because it measures the time between occurrence and detection.
Secbay Press defines MTTD explicitly as the time to detect an issue:
Exact extract (Secbay Press):
“Mean Time to Detect (MTTD) is… the average time taken to identify and detect a security incident… Mean time to detect is how long it took… to when it was detected.”
Why the other options are not best:
KPI is a category/type of measure (a key metric), not the specific metric itself. Secbay distinguishes metrics vs KPIs and lists MTTD as a KPI example.
SLO is a service objective/target, not a measurement of detection speed by itself.
Alert volume measures quantity of alerts, not detection time.
Exact extract (Secbay Press):
“KPI: Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).”
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit