After implementing a new vulnerability management program, the security team decides to measure its performance. Which of the following metrics would best indicate the average time it takes to identify a vulnerability once it occurs?
The correct metric to measure the average time it takes to identify a vulnerability is 'Mean time to detect' (MTTD). This KPI specifically focuses on the detection aspect of vulnerability management, making it a useful indicator of the effectiveness of a program in quickly identifying new vulnerabilities. 'Mean time to respond' (MTTR) measures response time after a vulnerability is detected, 'Mean time to remediate' calculates the time taken to resolve a vulnerability, and 'Alert volume' tracks the number of alerts generated, but none of these uniquely measure detection speed.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is 'Mean Time to Detect' (MTTD)?
Open an interactive chat with Bash
How does MTTD differ from Mean Time to Respond (MTTR)?
Open an interactive chat with Bash
Why is fast detection (low MTTD) important in vulnerability management?