Security Testing

How do you work out MTTR (Mean Time to Response)?

MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing the vulnerabilities. Once it's handed over, the process has begun. So, we know where the timer starts, but where does it end?
Thomas Ballin
1 minute read

MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing it. It's only fair to be able to measure time to response from the point where something has been handed over to somebody with some responsibility to see it through its life cycle.

Once vulnerabilities are owned by somebody within the business, you can start a clock. When you then stop that clock and say that you have responded to something will depend on your organisation and the kind of thresholds that you have.

You can say that you've responded to something when you've implemented the first line of defence in depth control or first compensating control. This has technically treated the issue in some part.

However, it may be more accurate to measure MTTR in two different ways: your corrective action, and your preventative action. Then, you can calculate MTTR in addressing some sort of fix, and MTTR in addressing the systemic problem that's causing those vulnerabilities to appear in the first place.

Related Posts

Security Testing
Continuous Security Testing - Common Misconceptions and Challenges
Understand misconceptions, common challenges and considerations for continuous security testing programmes.
Ben Armstrong
6 minutes
Security Testing
Automated vs Manual Security Testing - How to Choose the Best Test at Scale
Create an automated list of testing actions to scale your security testing programme.
Thomas Ballin
4 minute read
Security Testing
LLM Assisted Security Testing - Use Case
Explore a real example of how an LLM identified a vulnerability missed by automated and manual testing.
Thomas Ballin
8 minute read
Security Testing
Creating an Effective Security Testing Strategy
Focus on these 6 key areas to build an effective security testing strategy.
Thomas Ballin
5 minute read
Security Testing
How to work out MTTD (Mean Time to Detection)?
Understanding the mean time to detection of a vulnerability is interesting, there are two key pieces of information that you need.
Thomas Ballin
1 minute read
Security Testing
Automated penetration testing - 5 key business benefits
Automated penetration testing is becoming increasingly popular. But how does this compare to manual penetration testing? Understand the main key benefits.
Thomas Ballin
3 minutes
Security Testing
How do you understand performance over time?
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
Thomas Ballin
8 min to read
Security Testing

How do you work out MTTR (Mean Time to Response)?

MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing the vulnerabilities. Once it's handed over, the process has begun. So, we know where the timer starts, but where does it end?
Thomas Ballin
3
min read

MTTR is all about looking at where you're handing your information over to the people who are responsible for fixing it. It's only fair to be able to measure time to response from the point where something has been handed over to somebody with some responsibility to see it through its life cycle.

Once vulnerabilities are owned by somebody within the business, you can start a clock. When you then stop that clock and say that you have responded to something will depend on your organisation and the kind of thresholds that you have.

You can say that you've responded to something when you've implemented the first line of defence in depth control or first compensating control. This has technically treated the issue in some part.

However, it may be more accurate to measure MTTR in two different ways: your corrective action, and your preventative action. Then, you can calculate MTTR in addressing some sort of fix, and MTTR in addressing the systemic problem that's causing those vulnerabilities to appear in the first place.

Prioritise Your Testing Programme Around Your Development Schedule

Detect Vulnerabilities Faster
Patch Vulnerabilities Faste
Be more compliant
Book a Demo

Related Posts

Vulnerability Management
How do you understand performance over time?
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
Thomas Ballin
February 2, 2021
Security Testing
Automated penetration testing - 5 key business benefits
Automated penetration testing is becoming increasingly popular. But how does this compare to manual penetration testing? Understand the main key benefits.
Thomas Ballin
June 4, 2024
Vulnerability Management
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
Thomas Ballin
June 4, 2024
What we do
How we do it
Resource Hub
Blog
Book a Demo
Cytix Ltd (14043556) © 2024 - All Rights Reserved
Privacy PolicyTerms & Conditions
Security Testing
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept