mailing list archives
Re: Sizing the Information Security Department
From: "Kurt Buff" <kurt.buff () gmail com>
Date: Fri, 5 Sep 2008 12:01:14 -0700
I'm unaware of even recommended staffing levels for general sysadmins,
though a couple of people have made a stab at it - see
http://www.verber.com/mark/sysadm/how-many-admins.html for what I
consider the best attempt.
The answers are far too dependent on you and your institution's unique
circumstances, such as industry sector, corporate culture, security
stance, etc., to be able to make a firm recommendation based simply on
numbers of employees.
I, for instance, am the lead network administrator at a company of
almost 300 people, and my duties encompass many things, including
security, network administration, system administration printer
support and desktop support - both directly and by supervision of my
That's not to say that I don't think that I should be full time on
security - I could easily justify that - in my own mind - but making
the business case it much harder.
Best of luck.
On Thu, Sep 4, 2008 at 3:22 PM, <k7.fantr () gmail com> wrote:
I am preparing a business case for increasing the size of the Information Security department at the company where I
work. This is a smaller company with about 700 employees. Right now, I am the security department. :) - I am asking
to hire 3 security professionals to augment my load and to allow me to focus on more of the strategic needs and
higher level analysis.
My question is this: Do any of you know of any published recommendations regarding the size of a security department
based on company size? Any guidance in this regard is appreciated.
Thanks in advance!