Measuring and Benchmarking Incident Response Readiness
- Publisher: Institute of Electrical and Electronics Engineers (IEEE)
- Publication Type: Conference Proceeding
- Citation: 2025 European Symposium on Usable Security (EuroUSEC), 2025, 00, pp. 127-137
- Issue Date: 2025-01-11
This item is open access.
Small-to-medium enterprises (SMEs) remain disproportionately vulnerable to cyber incidents due to constrained resources and underdeveloped operational practices. While many maintain incident response plans (IRPs) to meet regulatory requirements, these plans are often untested and poorly integrated into operational workflows, resulting in delayed containment, unclear escalation, and inconsistent response actions. This disconnect between documentation and execution represents a critical readiness gap that can significantly increase the impact and duration of cyber events. To address this challenge, this paper introduces the Incident Response Readiness Score (IRRS), a scenario-based assessment framework designed to empirically evaluate an organisation's incident response capability under simulated conditions. The IRRS applies a structured scoring rubric calibrated through a Scenario Risk Index, enabling proportional evaluation of performance across diverse incident types. By transforming qualitative incident response actions into a reproducible and risk-weighted metric, the IRRS offers a practical and scalable means of assessing and improving cybersecurity readiness for different types of organisations.
