Skip to main content

Tips and Guidelines for Sizing Your Information Security Organization

There is no magic formula for CIOs and security leaders when assessing the right size of a security team. Factors that influence the team size team include the work it must do, the distribution of responsibility, the extent of the risks the team manages and available resources.

·         Analysis
o    Understand the Challenges Inherent in Sizing a Security Function
o    Define the Primary Roles of the Security Team
o    Consider What Other Organizations Are Doing
o    Assess Your Staffing Levels Against the Comparative Ratios

§  It Is Important to Remember the Limitations of Using Comparative Data

Comments

Post a Comment

Popular posts from this blog

LinuxGuruz Netfilter IPTABLES Firewall Page

The Netfilter Project Homepage http://www.netfilter.org Source Code Userspace code (tar.bz2) http://www.netfilter.org/files/iptables-1.3.0.tar.bz2 FAQ Netfilter/Iptables FAQ http://netfilter.samba.org/documentation/FAQ/netfilter-faq.html Firewall Forensics (What am I seeing?) FAQ http://www.robertgraham.com/pubs/firewall-seen.html Network Intrusion Detection Systems - IDS http://www.robertgraham.com/pubs/network-intrusion-detection.html Sniffing (network wiretap, sniffer) FAQ http://www.robertgraham.com/pubs/sniffing-faq.html Linux IP Masquerade FAQ http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/ Firewall Admins Guide to Porn FAQ http://www.robertgraham.com/pubs/firewall-pr0n.html Hacking Lexicon - hacking dictionary http://www.robertgraham.com/pubs/hacking-dict.html Submit a FAQ Link or URL http://www.linuxguruz.com/iptables/#links Scripts Home LAN masquerading http://the-devil.dnsalias.net/home/extremist_MASQ Home LAN ip6t...
Post a Comment
Read more

How to Address the Patching Paradox

Analyze your vulnerability response capabilities.  Assess vulnerability detection and patching capabilities to identify vulnerability response issues. Tackle low-hanging fruit first.  Prioritize minor vulnerability response problems and build a comprehensive vulnerability response strategy over time. Eliminate barriers between security and IT teams.  Combine vulnerability and IT configuration data into a single platform to drive collaboration between security and IT teams. Create end-to-end vulnerability response processes.  Develop vulnerability response processes and ensure that security and IT teams have a shared view of these processes. Retain security talent.  Remove internal barriers, optimize day-to-day processes and automate mundane work; by doing so, an organization can create a positive environment for security teams, increase employee satisfaction and boost the likelihood of retaining top security talent. Manual vulnerability response process...
Post a Comment
Read more

mobile application Security Testing

Apps that enterprises develop themselves (or have developed by outsourcers) must be tested, to ensure they’re not leaking customer data or opening the enterprise to attack It’s cheaper and faster to test apps pre-production than it is after deployment Automated testing of mobile software is faster and more effective than manual testing Mobile applications interact with back-end web servers and services that also need to be tested That’s where AppScan® comes in What customers struggle with: Deploying secure mobile applications – both iOS and Android Static testing of mobile applications for security exposures, prior to deployment Inability to assess security of mobile applications developed by outsourcers Finding resources to test application code Understanding security risks of the mobile application environment Bringing together mobile application testing results with back-end web application and services resu...
Post a Comment
Read more