RE: Sizing the Information Security Department

K7 -

As part of your business case, are you preparing an inventory of the assets requiring protection??
Computer Networks & Systems and the information residing on these systems are just as important corporate assets as compared to more tangible assets such as buildings, materials, etc. Everyone understands why a company needs a security guard to the entrance of a building, but not everyone necessarily understands why a guard is needed for Information Security - the inventory will assist in demonstrating the need.





On Thu, Sep 4, 2008 at 3:22 PM, <k7.fantr@xxxxxxxxx> wrote:
Hello all.

I am preparing a business case for increasing the size of the Information Security department at the company where I work. This is a smaller company with about 700 employees. Right now, I am the security department. :) - I am asking to hire 3 security professionals to augment my load and to allow me to focus on more of the strategic needs and higher level analysis.

My question is this: Do any of you know of any published recommendations regarding the size of a security department based on company size? Any guidance in this regard is appreciated.

Thanks in advance!