Ask the Expert

Best practices for determining the number of needed security professionals

How would a company best determine the appropriate size of its network security group? As an example, Company ABC is a global manufacturer with 10 firewalls in nine different countries. All of the offices are connected by a WAN, and seven of the 10 firewalls are Internet firewalls. They have about 5,000 employees, of whom roughly 2,000 have remote access needs. They have all of the standard IS groups: help desk, PC support, server admin, network engineering, etc. In order to determine how best to support the growing Internet needs of this company, from a security perspective, are there any basic "best security practices" that dictate how many trained security personnel should be used to properly support a company of this size?

Unfortunately, there aren't any magic answers. Server admins, network engineers and others can all have a security background and probably should, at least, have some basic security training. The abilities of those people whose primary job is something other than security will dictate how many dedicated security people you need. Also, if any of your security services are outsourced, that will affect your staffing needs as well.

I'm sorry to be evasive on this question, but every company situation is unique.

This was first published in May 2001
