Thanks ASB, that's kind of what I was afraid of and as always you suggest good steps.
Dave From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Wednesday, July 20, 2011 4:00 AM To: NT System Admin Issues Subject: Re: Security IT to employee ratio You will be hard pressed to find such a document, given all the variables, nor is that a useful way to go about justifying the headcount that might be needed. Rather, put together a list of all the activities that are needed to successfully maintain the security posture in your specific environment. Allocate some estimation of the time needed for each function, then add it all up. (Also take the liberty of delegating some portions of it to other technology departments, as necessary). This will tell you what the level of staffing *should* be for your environment, and by adding work to other people's plates, you'll automatically get their "support" for additional headcount. :) Of course, expect management to disagree on some of the items in your list, AND in the time allocated -- especially if they can keep it the way it is by shaving a few numbers and whacking a few tasks. ASB http://about.me/Andrew.S.Baker Harnessing the Advantages of Technology for the SMB market... On Wed, Jul 20, 2011 at 1:05 AM, David Lum <david....@nwea.org<mailto:david....@nwea.org>> wrote: Is there a document anywhere that can give me an idea of something along the lines of a general "recommended active IT security staff per employee ratio"? By "active IT security" I mean in-the-trenches people doing the legwork to get the last 3-5% of systems (at 400+ systems nothing is ever 100% in perfectly automated sync) fully compliant and up-to-date, keep astride of the IDS detections and tracking down which are false positives and which are actual alerts, etc. It has occurred to me that with 450 employees that there should probably be more than one FTE handling everything from IDS to keeping patches and AV current on all systems, employee training, etc... Heck I bet I can use one FTE that does NOTHING but track down and mitigate the non-compliant systems for AV and patching alone. David Lum Systems Engineer // NWEATM Office 503.548.5229<tel:503.548.5229> // Mobile 503.267.9764<tel:503.267.9764> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin