Introduction: It’s not difficult to find a lot of good information on general Information Technology staffing ratios. Spend a few minutes online, and you will quickly turn up surveys, benchmarking studies, and lively discussions. The “right” ratio of IT staff to users at large varies widely, depending on the type of business, the industry’s reliance … Continue reading: So, How Many Information Security People Do We Need?
Abstract: Too often, the decision of whether or not to implement a security measure is ultimately based on a vague appeal to "best practices", or on a gut feeling that the cost of a countermeasure outweighs the risk of an exposure. In this paper, the author proposes a model, based on Net Present Value, Return … Continue reading: Applying NPV and ROI to Security Investment Decisions
Applying the Lessons of Traditional Investigators: In a corporate setting large enough to have a dedicated Information Security function – whether as a sub-department of the IT division or as a separate division unto itself – Information Security Officers and Analysts are often called upon to conduct investigations into user actions. If, for example, a … Continue reading: Managing the InfoSec Investigative Function