Probably way off topic...

[Jon Kibler <Jon.Kibler () aset com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

I have a client that is trying to justify hiring a network/security
person for their IT staff. Senior management already thinks they are
overstaffed. Here is a rough outline of their environment:
  Company size: ~200
  Number of locations: 12 across 8 states
  Number of "full time" computer users: ~150
    ~100 sales (wholesale / distribution)
    ~15 management / executive / HR
    ~15 clerical / administrative / purchasing
    ~15 accounting / finance / payroll
    4 IT

The I.T. Department is responsible for:
  All computers:
    ~130 Desktops
    ~60 Laptops
    ~25 Servers
  All communications and networks:
    9 Telecoms (voice, cell)
    8 ISPs (Internet, WAN)
    12 PBXes w/ ~180 handsets
    ~90 Cellphones and laptop cell Internet
    16 VoIP Gateways
    ~30 Routers
    ~16 Network Firewalls
    ~60 Switches
    14 Port Servers
    12 IDS sensors
  All software and services:
    Windows XP
    Windows 2003 Server
    RHEL 5.x
    Cisco IOS/AOS
    ERP Suite
    Web Sites (1 external, 2 internal)
    Email / Email Filtering
    EDI
    IDS
    Event Correlation Management System
    AV/Host Firewall/NAC Suite
    Web Content Filtering
    ~20 outside service providers
    Patch Management
    etc.
  Miscellaneous:
    ~200 RFID and/or bar code scanners (ERP integrated)
    ~20 timeclocks
    ~40 network printers
    ~120 desktop printers
    All I.T. related purchases, installation, configuration, maintenance
    Physical security systems

Currently, their staff consists of:
   -- IT Manager / Jack of All Trades
   -- 1 ERP/EDI support person
   -- 1 Systems Admin who also does network admin and hardware support
   -- 1 Help Desk who also does web site, email, host based security,
and teleco / PBX support

The staff recently lost their primary hardware support person and a
part-time administrative person when budgets were cut. Current staff is
overworked, but pay for overtime has been eliminated.

The IT manager asked me to help him put together some information to
help support his push for more staff. I did some Googling, but did not
find anything from the past couple of years that was of any real use.

So, what I am asking is, do you have any information concerning IT
staffing guidelines? Specifically:
  o What would be the size of a typical IT staff that would have to
support the above resources?
  o Anyone aware of any studies/guidelines for IT staff size based on
the number of "non casual" computer users in an organization?
  o Anyone aware of any studies/guidelines for what should be the IT
budget based on either a percentage of revenue or a percentage of
overhead budget?
  o What is the typical size of an organization before they staff a
"dedicated" I.T. security person?

TIA for any info!

Jon K.
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkkMeBEACgkQUVxQRc85QlNkAwCeJT3WsUdbU853fvY+95TtsqIK
/4YAn2Y5dNnSih3PaUOi8feNMcc4fKCJ
=9VKh
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.