-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have a client that is trying to justify hiring a network/security
person for their IT staff. Senior management already thinks they are
overstaffed. Here is a rough outline of their environment:
Company size: ~200
Number of locations: 12 across 8 states
Number of "full time" computer users: ~150
~100 sales (wholesale / distribution)
~15 management / executive / HR
~15 clerical / administrative / purchasing
~15 accounting / finance / payroll
4 IT
The I.T. Department is responsible for:
All computers:
~130 Desktops
~60 Laptops
~25 Servers
All communications and networks:
9 Telecoms (voice, cell)
8 ISPs (Internet, WAN)
12 PBXes w/ ~180 handsets
~90 Cellphones and laptop cell Internet
16 VoIP Gateways
~30 Routers
~16 Network Firewalls
~60 Switches
14 Port Servers
12 IDS sensors
All software and services:
Windows XP
Windows 2003 Server
RHEL 5.x
Cisco IOS/AOS
ERP Suite
Web Sites (1 external, 2 internal)
Email / Email Filtering
EDI
IDS
Event Correlation Management System
AV/Host Firewall/NAC Suite
Web Content Filtering
~20 outside service providers
Patch Management
etc.
Miscellaneous:
~200 RFID and/or bar code scanners (ERP integrated)
~20 timeclocks
~40 network printers
~120 desktop printers
All I.T. related purchases, installation, configuration, maintenance
Physical security systems
Currently, their staff consists of:
-- IT Manager / Jack of All Trades
-- 1 ERP/EDI support person
-- 1 Systems Admin who also does network admin and hardware support
-- 1 Help Desk who also does web site, email, host based security,
and teleco / PBX support
The staff recently lost their primary hardware support person and a
part-time administrative person when budgets were cut. Current staff is
overworked, but pay for overtime has been eliminated.
The IT manager asked me to help him put together some information to
help support his push for more staff. I did some Googling, but did not
find anything from the past couple of years that was of any real use.
So, what I am asking is, do you have any information concerning IT
staffing guidelines? Specifically:
o What would be the size of a typical IT staff that would have to
support the above resources?
o Anyone aware of any studies/guidelines for IT staff size based on
the number of "non casual" computer users in an organization?
o Anyone aware of any studies/guidelines for what should be the IT
budget based on either a percentage of revenue or a percentage of
overhead budget?
o What is the typical size of an organization before they staff a
"dedicated" I.T. security person?
TIA for any info!
Jon K.
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler
My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkMeBEACgkQUVxQRc85QlNkAwCeJT3WsUdbU853fvY+95TtsqIK
/4YAn2Y5dNnSih3PaUOi8feNMcc4fKCJ
=9VKh
-----END PGP SIGNATURE-----
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
