Problem solve Get help with specific problems with your technologies, process and projects.

The right ratio of security staff and dollars

I am trying to determine the right ratio of information security staff support to number of users supported. I realize this is an inexact science, but I was wondering if study results have shown what desired dedication levels should be. I also am trying to determine what the appropriate percent of the overall IT budget the security budget should entail. Can you help?
Ratios for support staff to users vary all over the place, normally in a range of 40-50 to one on the low end, and 1,000s to one on the high end. It depends most importantly on the level of support that users require and/or are willing to pay for. Since you say nothing about the industry, application, or funding available to pay for such services, it's hard for me to be more specific.

As for security vis-a-vis the overall IT budget, that ratio is on the upswing right now in the wake of September 11. Prior to that, it seldom exceeded more than 5% of overall spending; these days I'm starting to see more and more budgets in the 3 to 10% range. Spending on security is on the rise! --Ed--
This was last published in November 2001

Dig Deeper on Network Security Monitoring and Analysis

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.