Operational vs project time

[Gary Flynn <flynngn () JMU EDU>]

Hi,

We're undergoing some internal analysis and were wondering what
security groups were seeing as the proportion of time spent on
operational work vs project work.

By operational work, I mean recurring things like responding to
calls, access requests, infections, incidents, training and
presentations, daily monitoring and response tasks, tuning,
upgrades, and the like.

By project work, I mean things like providing new internal or
external services and development.

Projects may be internal projects to improve security functions
( e.g. network anomaly detection ), external projects providing
security services to external parties ( e.g. WSUS server ), or
interdepartmental projects where security personnel participate
in the project planning, design, management, and possibly
implementation on an ongoing basis ( e.g. portal, identity
management, new university system rollouts ).

We're currently estimating 60-70% of our time going to
operational tasks and wondered what others were seeing.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security