Abstract
Monitoring the performance of incident response (IR) management is important input for improving the IR management system. A set of performance indicators, which assists monitoring in a proper way, is described regarding: the incident response management system; information security culture; number of incidents responded to; average time spent on responding; consequences of incidents; number of incidents of high loss; downtime of SCADA systems; total costs of incident response; and learning. The entire set of proposed indicators is well suited for monitoring the total incident response management of an organisation as it covers all parts of incident response management.