Security Basics: Re: Sizing the Information Security Department

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Basics mailing list archives

Re: Sizing the Information Security Department

From: "exzactly" <exzactly () hotmail com>
Date: Fri, 5 Sep 2008 08:20:21 -0700

1/3 of the IT staff should be dedicated towards security. That doesn't meanthat you ness. need to hire that many but 1/3 of the man hours int hedepartment shoudl be dedicated to it.

----- Original Message -----From: <k7.fantr () gmail com>

To: <security-basics () securityfocus com>
Sent: Thursday, September 04, 2008 3:22 PM
Subject: Sizing the Information Security Department

Hello all.
I am preparing a business case for increasing the size of the InformationSecurity department at the company where I work. This is a smaller companywith about 700 employees. Right now, I am the security department. :) - Iam asking to hire 3 security professionals to augment my load and to allowme to focus on more of the strategic needs and higher level analysis.
My question is this: Do any of you know of any published recommendationsregarding the size of a security department based on company size? Anyguidance in this regard is appreciated.
Thanks in advance!

By Date By Thread

Current thread:

Sizing the Information Security Department k7 . fantr (Sep 05)
- Re: Sizing the Information Security Department exzactly (Sep 08)
- Re: Sizing the Information Security Department Kurt Buff (Sep 08)
  - RE: Sizing the Information Security Department Kevin A. Zibluk (Sep 08)
    - RE: Sizing the Information Security Department Erin Carroll (Sep 08)
- <Possible follow-ups>
- RE: Sizing the Information Security Department Rob Creely (Sep 08)
- Re: Sizing the Information Security Department calgary_spence (Sep 08)