Question:
Planning and preparing for the unexpected, especially in response to a security incident, is one of the greatest challenges faced by information technology professionals today. An incident is described as any violation of policy, law, or unacceptable act that involves information assets. Incident Response (IR) teams should be evaluating themselves on metrics, such as incident detection or dwell time, to determine how quickly they can detect and respond to incidents in the environment. In 2016, the SANS Institute surveyed organizations about internal response capabilities. The frequency distribution that summarizes the average time organizations took to detect incidents is:
Average Dwell Time                     Frequency
Less than 1 day                        166
Between 1 and less than 2 days         100
Between 2 and less than 8 days         124
Between 8 and less than 31 days        77
Between 31 and less than 90 days       59
90 days or more                        65
a. What percentage of organizations took fewer than 2 days, on average, to detect incidents?
b. What percentage of organizations took between 2 and 31 days, on average, to detect incidents?
c. What percentage of organizations took 31 or more days, on average, to detect incidents?
d. What conclusions can you reach about average dwell time of incidents?
Step by Step Solution
a. (166 + 100) / 591 × 100 = 45.01%
b. (124 + 77) / 591 × 100 = 34.01%
c. ...
