Security Basics mailing list archives

RE: Need Help


From: "LEHMANN, TODD" <TODLEH () SAFECO com>
Date: Thu, 19 Dec 2002 09:45:54 -0800

If you fail to sell mgmt on additional personnel, you may want to use an
idea I saw in another string on this list. 

Create a document that properly reflects the gravity of the situation, and
states what steps you took to relay the information to mgmt, then include a
signature line that states that they have read the information presented by
yourself, then make someone that is high-level sign it. Someone that is
director level or above.

That way if there is a major security breach or the help desk starts failing
horribly, you can present that document and no one can say you didn't try.
It will also redirect any disciplinary action towards the people who signed
the document, not you. After all, they would not let you perform your duties
properly and you have proof. 

If you do get targeted and are disciplined or terminated, you then have a
legal means of fighting your termination or suing.

Todd Lehmann

The views stated, reflected, insinuated, innuendoed, implied, explied, or
double-plied in this email are those of the sender only, and do not reflect
the views of Safeco Insurance or any of its employees

-----Original Message-----
From: Gene [mailto:gyoo () attbi com] 
Sent: Monday, December 16, 2002 10:36 AM
To: Chris Berry
Cc: security-basics () securityfocus com
Subject: Re: Need Help

This is what we use to calculate the staff ratio.  I don't know where my 
boss got this, but prior to my current employer, we were supporting 
1:410 regional support center, and DC supporting over 118 locations west 
of Rocky Mtns.  Currently about 1:110 two DC, three remote.

Here is a formula to calculate staff ratio:

     * EIC = (161wUG+111wPGT+32wPGR+220wRES)/(970wgen+64wequip)
     * 0 <= EIC <= 1
     * ES = (105wUG+12wPGT+2wPGR+22wRES)/(177wgen+10wequip)
     * 0 <= ES <= 1
     * wUG,wPGT,wPGR,wRES,wgen,wequip >= 0

go figure!

Chris Berry wrote:
From: tombombadillon () Argentina com
I am in the security area and "administer" 1200 users in mainframe with
VM/ESA, VSE/ESA, CICS, AS/400, LAN of 500 PC's and a WAN of 600, (mix
of Window$ platforms). Now we are connecting the enterprise to
internet and we go to add f4 firewalls, 2 proxy, 2 IDS, 9 Linux, etc
(with the risk this involves) and I am alone with other guy (but his
technical knowledge is lower, he manages the papers).

What are some good arguments I can use to request for additional
personnel?
Management doesn't understand the importance of security. What can I do? This
is a nightmare.


All I can say is wow, you are seriously overloaded, you're definitely 
going to need either a guy to run the help desk so that you can 
concentrate on the security end, or a security guy so you can take care 
of the other stuff.  Since help desk guys are cheaper, your best bet is 
to ask for one of those.  As an argument, point out that if you two try 
to do it by yourselves, they're going to have to pay copious overtime 
hours at time and a half, and it would be much cheaper to get you some 
help at lower wage rate.

As a side note, I can't imagine trying to handle more than a few hundred 
users on my own (as the everything guy, not just tech support) but I 
work at a small company, what is everyone else's workload like?

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Live dangerously, overclock your servers."






-- 
Gene Yoo, gyoo () attbi com


