Manage Learn to apply best practices and optimize your operations.

Best practices for determining the number of needed security professionals

How would a company best determine the appropriate size of its network security group? As an example, Company ABC is a Global Manufacturer with 10 firewalls in nine different countries. All of the offices are connected by a WAN and seven of the 10 firewalls are Internet firewalls. They have about 5,000 employees of which roughly 2,000 have remote access needs. They have all of the standard IS groups: help desk, PC support, server admin, network engineering, etc. In order to determine how best to support the growing Internet needs of this company, from a security perspective, are there any basic "best security practices" that dictate how many trained security personnel should be used to properly support a company of this size?

Unfortunately, there aren't any magic answers. Server admins, network engineers and others can all have a security background and probably should, at least, have some basic security training. The abilities of those people whose primary job is something other than security will dictate how many dedicated security people you need. Also, if any of your security services are outsourced, that will affect your staffing needs as well.

I'm sorry to be evasive on this question, but every company situation is unique.

This was last published in May 2001

Dig Deeper on Information security certifications, training and jobs

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.