How would a company best determine the appropriate size of its network security group? As an example, Company ABC is a global manufacturer with 10 firewalls in nine different countries. All of the offices are connected by a WAN and seven of the 10 firewalls are Internet firewalls. They have about 5,000 employees, of whom roughly 2,000 have remote access needs. They have all of the standard IS groups: help desk, PC support, server admin, network engineering, etc. In order to determine how best to support the growing Internet needs of this company, from a security perspective, are there any basic "best security practices" that dictate how many trained security personnel should be used to properly support a company of this size?
Unfortunately, there aren't any magic answers. Server admins, network engineers and others can all have a security background and probably should, at least, have some basic security training. The abilities of those people whose primary job is something other than security will dictate how many dedicated security people you need. Also, if any of your security services are outsourced, that will affect your staffing needs as well.
I'm sorry to be evasive on this question, but every company situation is unique.