Educause Security Discussion mailing list archives
Re: Information/IT security staff count
From: Bernardo Manuel Vasquez <bernardo.vasquez () NYU EDU>
Date: Thu, 24 Nov 2016 18:50:04 +0000
I think you get one time to make a valid ask and it should be done in a targeted conversation that also aligns with institutional objectives and risks. Staffing ratios is not a sufficient data point. Don't hesitate to use the NICE Cybersecurity workforce tools to evaluate existing work competencies and the gaps that exist on what an adequately staffed and skilled team should look like.(there's a draft v2.0) to help you do this yourself if necessary. Mapping that back to the NIST Cybersecurity Framework is an easy one page exercise and done for you in the new NIST draft (link provided below) Also look at other school org structures based on their information security departments. Mapping this back to any institution or recognized risks addressed by internal audit or others will help not just you, but your institution make a risk-based data driven decision. There was a previous thread on this topic either in the REN or this EDUCAUSE Security list. Please contact a Security member on your team who is on your team if you are not on it to get this data. Executive presentation outline: 3-5 slides?... 1. As-Is organizational state 2. Risks this presents, exposure that exists (data on things missed and why is helpful here) 3. Benchmarks 3a. Org structures, competencies, capabilities of other institutions. 3b. Staffing ratios of other institutions 4. Proposed TO-BE state 4a. Projected 1-3 year investment (FTE / Contractor Mix) with ramp-up budgetary impact and onboarding References: - https://niccs.us-cert.gov/workforce-development/cybersecurity-workforce-development-toolkit - https://www.careeronestop.org/competencymodel/competency-models/cybersecurity.aspx - http://csrc.nist.gov/publications/PubsDrafts.html#800-181 - https://ciso.eccouncil.org/wp-content/uploads/2013/09/NICE-IA-Framework-and-EC-Council-Certs-Ecosystem-Mapping-CCISO.pdf Good luck!!! BMV On Thu, Nov 24, 2016 at 12:41 PM David D Grisham <DGrisham () salud unm edu> wrote:
Our main campus has 8 or 9 positions. The health science Center has 2 and the hospital has 6 cyber and 3 network security. Cheers.-grish *From:* The EDUCAUSE Security Constituent Group Listserv [mailto: SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Wessam Maher *Sent:* Thursday, November 24, 2016 10:34 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Information/IT security staff count Dear All Can you please advise me a source to find about the average number of staff working in information security and IT security in educational institutions Or at least the number of info Sec and IT Sec staff at your institution if possible I am stuck in a report asking to increase the staff in my unit and want to get some feedback that hopefully will help Thanks for your help,
Current thread:
- Information/IT security staff count Wessam Maher (Nov 24)
- Re: Information/IT security staff count David D Grisham (Nov 24)
- Re: Information/IT security staff count Bernardo Manuel Vasquez (Nov 24)
- Re: Information/IT security staff count Rob Milman (Nov 24)
- Re: Information/IT security staff count Jeff Holden (Nov 26)
- Re: Information/IT security staff count Joanna Grama (Nov 27)
- Re: Information/IT security staff count David D Grisham (Nov 24)