Educause Security Discussion mailing list archives

Re: Operational vs project time


From: James Moore <jhmiso () RIT EDU>
Date: Mon, 30 Oct 2006 23:50:23 -0500

I think that there is a context question here.  We implemented several standards in the last couple of years that 
describe incident response, and server and desktop security (as well as a few others).  One of the new features of 
security standards is the emphasis on adding detective controls to complement preventive controls.  Previously, most of 
the focus was on preventive controls.  
 
Now we are asking "How do you know that things are fine?"  So we are at the beginning of the learning curve where the 
number of incidents rises rapidly, and the severity starts to decline.  But this is skewing things heavily toward the 
operational side.  
 
I would estimate that we are about 60% operational and 40% projects.  If you consider the basic CIA of information 
security, and the amount of time spent on operational availability, then the operational total is higher than that.
 
Jim

________________________________

From: Gary Flynn [mailto:flynngn () JMU EDU]
Sent: Mon 10/30/2006 3:36 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Operational vs project time



Hi,

We're undergoing some internal analysis and were wondering what
security groups were seeing as the proportion of time spent on
operational work vs project work.

By operational work, I mean recurring things like responding to
calls, access requests, infections, incidents, training and
presentations, daily monitoring and response tasks, tuning,
upgrades, and the like.

By project work, I mean things like providing new internal or
external services and development.

Projects may be internal projects to improve security functions
(e.g. network anomaly detection), external projects providing
security services to external parties (e.g. WSUS server), or
interdepartmental projects where security personnel participate
in the project planning, design, management, and possibly
implementation on an ongoing basis (e.g. portal, identity
management, new university system rollouts).

We're currently estimating 60-70% of our time going to
operational tasks and wondered what others were seeing.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

