Re: Security IT to employee ratio

2011-07-20 Thread Andrew S. Baker
You will be hard pressed to find such a document, given all the variables,
nor is that a useful way to go about justifying the headcount that might be
needed.

Rather, put together a list of all the activities that are needed to
successfully maintain the security posture in your specific environment.
 Allocate some estimation of the time needed for each function, then add it
all up.  (Also take the liberty of delegating some portions of it to other
technology departments, as necessary).

This will tell you what the level of staffing *should* be for your
environment, and by adding work to other people's plates, you'll
automatically get their support for additional headcount.  :)

Of course, expect management to disagree on some of the items in your list,
AND in the time allocated -- especially if they can keep it the way it is by
shaving a few numbers and whacking a few tasks.

ASB
http://about.me/Andrew.S.Baker
Harnessing the Advantages of Technology for the SMB market…



On Wed, Jul 20, 2011 at 1:05 AM, David Lum david@nwea.org wrote:

  Is there a document anywhere that can give me an idea of something along
 the lines of a general recommended active IT security staff per employee
 ratio? By active IT security I mean in-the-trenches people doing the
 legwork to get the last 3-5% of systems (at 400+ systems nothing is ever
 100% in perfectly automated sync) fully compliant and up-to-date, keep
 astride of the IDS detections and tracking down which are false positives
 and which are actual alerts, etc.

 It has occurred to me that with 450 employees that there should probably be
 more than one FTE handling everything from IDS to keeping patches and AV
 current on all systems, employee training, etc…

 Heck I bet I can use one FTE that does NOTHING but track down and mitigate
 the non-compliant systems for AV and patching alone.

 David Lum
 Systems Engineer // NWEATM
 Office 503.548.5229 // Mobile 503.267.9764





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Security IT to employee ratio

2011-07-20 Thread David Lum
Thanks ASB, that's kind of what I was afraid of and as always you suggest good 
steps.

Dave


RE: Security IT to employee ratio

2011-07-20 Thread Ken Schaefer
I would also start to look at what the business requirements are.

One FTE is going to cover 40 hours out of a 168 hour week (assuming no leave). 
Does someone need to monitor things (like your IDS/IPS) during non-business 
hours?

In a much larger org, we have dedicated teams for AV, desktop patching, network 
patching, server patching (Windows and *nix), event monitoring/correlation, 
incident response and so on. This is all driven by either (a) SLAs/OLAs and (b) 
patching cycles. We work from those requirements to work out how many people we 
need, based on how quickly we need to turn things around.

Cheers
Ken


RE: Security IT to employee ratio

2011-07-20 Thread Ziots, Edward
I have to agree with Ken's comments. Again, the business requirements are
going to dictate in this case; there won't be any quick and dirty
numbers.

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email: ezi...@lifespan.org
Cell: 401-639-3505