TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ----------------------------------------------------------------------------
It also depends on if you expect to have human monitoring of your console 24x7. If so, that would mean you could run into labor agreements in our particular country, which would mean more than 1 person needs to be hired for this job.

Also you talk about handling the incident; depending on how you choose to set it up you would prob. only respond to what is relevant for your system, so the amount of work should follow what David Hawley mentioned.

If you are looking at creating an Incident Response Team then you might be looking at additional personnel to be hired, based on what our current IT dep. has or not.

A good approach to this would be to think of the process of handling a notification in the console and an actual intrusion of your network perimeter. From this you should be left with some gaps to fill and also possible positions if you can't put this on personnel already in our company.

You might want to check out this book: 0-201-73723-X

Morten Brandt
Operator
[EMAIL PROTECTED]
estructure.net
Aaboulevarden 70, 8000 Aarhus C
Denmark
+45 70262527

Sent by: [EMAIL PROTECTED]
To: "QUAGLIERI, ERNEST E" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc: (bcc: eStructure Net)
Subject: RE: Staffing needs

Network monitoring of 1 sensor logs could exceed 1 GB / day, which is why you need data consolidation SW. If you have that, it can be pared down to a partial MH/day. I (1 man) administered over 1,000 nodes, before including all *NIX Host admin & Internet services and firewalls WITH data consolidation. Without consolidation you could waste a team reading the logs from one sensor.

David Hawley, CISSP
Automated Total Systems Solutions, Inc.
201 Sandpointe Ave, Ste 870
Santa Ana, CA
714-966-0661

-----Original Message-----
From: QUAGLIERI, ERNEST E [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 26, 2002 1:11 PM
To: '[EMAIL PROTECTED]'
Subject: Staffing needs

I have been asked to research staffing requirements for a monitoring group. I was wondering if anyone could offer information on the number of recommended personnel per sensor(s), (or per console, based on xx number of sensors) and whether they simply monitor or also investigate suspicious activity. I realize that the level of alerts would affect this number but I am just looking for a baseline.

Thanks in advance,
Ernie Quaglieri
FleetBoston Financial
