Educause Security Discussion mailing list archives
Re: Information Security Staffing Metrics Survey
From: Harry Hoffman <hhoffman () IP-SOLUTIONS NET>
Date: Mon, 13 Aug 2012 18:11:41 -0400
Hi Carlos, It's probably a good idea to first state what responsibilities are associated with Information Security. They vary widely depending upon institution and therefore the number of FTEs allocated may be a factor. For example do the Infosec guys just do IDS? Do they handle A/V, DLP, Identity Management, Log Aggregation, PCI, HIPAA, DMCA, etc. We have 3 FTE plus technical management for a userbase of 25000 (staff/faculty/students). We deal with all of the above mentioned topics and I can tell you 3 people is not nearly enough. Cheers, Harry On 08/13/2012 12:58 PM, Carlos Lobato wrote:
Hello Colleagues, For those of you with an Information Security Function, do you know of any good information security staffing metrics? For example, 1 information security employee for 1000 FTEs, etc. Also, if you have an Information Security function please let me know the name of your University and the number of current full time employees fully dedicated to Information Security. Thanks in advance, Carlos *Carlos S. Lobato, CISA, CIA* *IT Compliance Officer* * * *New Mexico State University* Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003-8001 Phone: 575-646-5902 Fax: 575-646-5278 Email: clobato () nmsu edu <mailto:clobato () nmsu edu>
Current thread:
- Information Security Staffing Metrics Survey Carlos Lobato (Aug 13)
- Re: Information Security Staffing Metrics Survey McLaughlin, Bryan S. (Aug 13)
- Re: Information Security Staffing Metrics Survey Harry Hoffman (Aug 13)