Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: IT Department Size

from [Steven Allison (DHL US)] Network Security [Permanent Link]
Subject: RE: IT Department Size
Date: Wed, 26 Oct 2005 07:54:31 -0700 
Rami,
    The rule of thumb to your question is. "it depends." 
It depends on the actual size of your organization. A 1:250 ratio may
work for a company with 1000 employees but for a company of 500,000
employees, the ratio is more like 1:5000. 
 
It depends on the risk level of your company and industry. An IT or
financial based company (MCI, AT&T, American Express, VISA, Wells Fargo
Bank, etc.) would require a better administrator:person or
administrator:system ratio than a company such a DHL (shipping company).

 
It depends on what regulations you must adhere to and how many personnel
it takes to ensure compliance (regardless of number of systems or
personnel in the company). 
 
I'm quite sure the group here could expand on any of my points or add 50
more. What I think you need to do is assess the level of risk your
organization and what it takes to fulfill your ~sigh~ Business
Continuity Plan.  
 
Staffing is such a sticky issue. If you ask the manager how many
personnel he needs to fulfill his obligation to the organization, it
will be far more than the VP three levels above him thinks. 
 
There is no clear answer to your question and it only looks like I've
raised more questions for you. But sometimes, the travel is half the fun
of getting to the destination...or not.
 

Best Regards,

Steven R. Allison, CISSP
Information Security Manager, Americas Region

DHL Express
8701 E. Hartford Dr.
Scottsdale, AZ. 85255

Phone:   480-375-6490
Cellular: 480-226-2495
FAX:      480-375-7039
Steven.Allison@dhl.com

"You have enemies? Good. That means you have stood up for something,
sometime in your life."
- Winston Churchill


 


________________________________

        From: Rami.Prescott@frostbank.com
[mailto:Rami.Prescott@frostbank.com] 
        Sent: Tuesday, October 25, 2005 1:32 PM
        To: security-management@securityfocus.com
        Subject: IT Department Size
        
        

        Would anyone know of a good place to find information on how
large a system administrator/ network engineering department should be? 
        
        The general rule of thumb I've heard is 1 system
administrator/network engineer for every 250 users.  Is this generally
true in practice? 
        
        We define system administrator/network engineer as someone who
has 5-10 years experience in all OS and who is responsible for the
operating system and hardware. 
        
        Thank you, 
        Rami Prescott 
        IT Audit
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: bank audit checklist, Bret Watson
Next by Date:  Re: bank audit checklist, Coreappsecurity Mailing List
Previous by Thread:  RE: IT Department Size, Thompson, Jimi
Next by Thread:  RE: IT Department Size, Paul Farrington
Indexes:  [Date] [Thread] [Top] [All Lists]