There are two common approaches to incident response: qualitative and quantitative. Each approach has its pros and cons, and an enterprise’s decision to take one or the other could have far-reaching effects on the business, its employees and its customers.
So which is better: a qualitative or quantitative approach to incident response? To answer this question, let’s take a closer look at each incident response approach.
Qualitative Approach to Incident Response
As the name indicates, a “qualitative” approach to incident response relies on data quality. It requires an enterprise to perform interviews, collect questionnaires and conduct other research to understand the qualities or characteristics of its incident response efforts.
For example, let’s consider how an enterprise that takes a qualitative approach to incident response would handle a network outage.
A network outage likely will affect an enterprise and its key stakeholders. Furthermore, failure to quickly address this issue may lead to revenue losses and brand reputation damage.
During a network outage, an incident response team will work diligently to correct the issue. Once the issue is resolved, it will notify key stakeholders accordingly.
At this point, an incident response team can still learn from the network outage. If this team takes a qualitative approach to incident response, it may use surveys to collect feedback from key stakeholders.
A typical qualitative survey may include a series of open-ended questions to gauge a stakeholder’s emotional response to an incident. It allows incident response team members to review stakeholder feedback and use it to improve their day-to-day efforts.
Stakeholder feedback empowers an incident response team with meaningful insights. At the same time, team members may need to dedicate significant time and resources to evaluate stakeholder feedback so they can maximize its value.
Quantitative Approach to Incident Response
Like a qualitative approach to incident response, a quantitative approach may involve the use of questionnaires or surveys. Unlike a qualitative evaluation, however, a quantitative evaluation helps an incident response team answer questions like, “What was the root cause of an incident?” or “How many people were affected by an incident?”
For instance, after a network outage, an incident response team that takes a quantitative approach may use a survey that contains closed-ended questions. Each question may require a “yes” or “no” response or ask a stakeholder to rate the team’s incident response efforts on a scale of 1 (lowest score) to 5 (highest score). An incident response team then can use the survey results to identify improvement areas.
Performing a quantitative survey usually is straightforward. An incident response team can craft survey questions, provide the survey to stakeholders following an incident and evaluate the survey responses at its convenience.
On the other hand, every incident is different, and the numbers behind an incident won’t necessarily tell the full story. Even with quantitative stakeholder survey results at its disposal, there is no guarantee an incident response team can obtain actionable insights that it can use to drive meaningful improvements.
Should You Take a Qualitative or Quantitative Approach to Incident Response?
By using a combination of qualitative and quantitative evaluations, an incident response team can get the most out of its incident data.
For example, consider what would happen if an enterprise used qualitative and quantitative assessments to evaluate its incident response efforts related to a network outage.
A stakeholder survey that includes both open- and closed-ended questions empowers an incident response team with a wealth of meaningful data. The team can use this survey to understand the “how” and “what” behind its response efforts. Plus, it can find out how stakeholders feel about these efforts.
Thanks to qualitative and quantitative assessments, an enterprise can ensure all incident response team members are on the same page, too.
Qualitative and quantitative assessments enable incident response team members to mine massive amounts of incident data and identify the team’s strengths and weaknesses. Next, the assessments can help the team discover innovative ways to transform its weaknesses into strengths.
Of course, a hybrid approach to incident response can extend beyond stakeholder evaluations as well.
If an enterprise deploys an effective incident management system, it can retrieve data throughout an incident. It can even leverage data-driven reports and analytics that highlight incident response patterns and trends — something that could lead to long-lasting incident response improvements.
Let’s not forget about how an enterprise can use an alert tracking system to streamline its incident communications, either.
An enterprise may be responsible for notifying thousands of employees, customers and other stakeholders about an incident. Yet ensuring the right parties get the right messages at the right time is rarely simple.
An alert monitoring system helps an enterprise get the right messages to the right people during an incident. It also empowers an incident response team to craft custom messages for its target audience. As a result, the system allows an incident response team to simultaneously retrieve data and keep stakeholders up to date until an incident is resolved.
The Bottom Line on Qualitative and Quantitative Approaches to Incident Response
When it comes to incident response, qualitative and quantitative approaches offer various advantages and disadvantages. With a hybrid approach to incident response, an enterprise is better equipped than ever before to simplify and enhance its incident response efforts.
An alert tracking system that offers rich notifications and reporting can provide the foundation of a hybrid approach to incident response. The system helps an incident response team notify key stakeholders about an incident, track incident data, produce incident reports and much more. Thus, an alert monitoring system can help an incident response team establish goals and drive continuous improvement.
AlertOps is a collaborative Incident Management, DevOps, and IT Alerting platform that helps organizations reduce MTTR.