Re: Information Security Staffing Metrics Survey

[Harry Hoffman <hhoffman () IP-SOLUTIONS NET>]

Hi Carlos,

It's probably a good idea to first state what responsibilities are
associated with Information Security.

They vary widely depending upon institution and therefore the number of
FTEs allocated may be a factor.

For example do the Infosec guys just do IDS? Do they handle A/V, DLP,
Identity Management, Log Aggregation, PCI, HIPAA, DMCA, etc.

We have 3 FTE plus technical management for a userbase of 25000
(staff/faculty/students).

We deal with all of the above mentioned topics and I can tell you 3
people is not nearly enough.

Cheers,
Harry


On 08/13/2012 12:58 PM, Carlos Lobato wrote:
> Hello Colleagues,
>
>  
>
> For those of you with an Information Security Function,  do you know of
> any good information security staffing metrics?  For example, 1
> information security employee for 1000 FTEs, etc.  Also, if you have an
> Information Security function please let me know the name of your
> University and the number of current full time employees fully dedicated
> to Information Security.
>
>  
>
> Thanks in advance,
>
>  
>
> Carlos
>
>  
>
> *Carlos S. Lobato, CISA, CIA*
>
> *IT Compliance Officer*
>
> * *
>
> *New Mexico State University*
>
> Information and Communication Technologies
>
> MSC 3AT PO Box 30001
>
> Las Cruces, NM  88003-8001
>
>  
>
> Phone: 575-646-5902
>
> Fax: 575-646-5278
>
>  
>
> Email: clobato () nmsu edu <mailto:clobato () nmsu edu>
>
>