Is there a document anywhere that can give me an idea of something along the lines of a general "recommended active IT security staff per employee ratio"? By "active IT security" I mean in-the-trenches people doing the legwork to get the last 3-5% of systems (at 400+ systems nothing is ever 100% in perfectly automated sync) fully compliant and up-to-date, keep astride of the IDS detections and tracking down which are false positives and which are actual alerts, etc.
It has occurred to me that with 450 employees that there should probably be more than one FTE handling everything from IDS to keeping patches and AV current on all systems, employee training, etc... Heck I bet I can use one FTE that does NOTHING but track down and mitigate the non-compliant systems for AV and patching alone. David Lum Systems Engineer // NWEATM Office 503.548.5229 // Mobile 503.267.9764 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
