A general SLA on security is kind of difficult. Generally, you want your SLAs to be specifically quantifiable and measurable, but it depends on the services that you are talking about.
For example, if we were talking about anti-virus protection, you might have a service level for how fast the vendor implements the latest set of virus definitions. For security, you might have an SLA for time to implement a patch after the patch is made available by a relevant vendor. If your help desk SLA includes response time and problem correction time, then a response and resolution of a security breach or a virus could be subject to those SLAs. For an IDS, you could include a requirement to audit logs every certain period. John
