Elsevier

Computers & Security

Volume 9, Issue 5, August 1990, Pages 395-402
Computers & Security

How many information security staff people should you have?

https://doi.org/10.1016/0167-4048(90)90069-6Get rights and content

Abstract

For many years, practitioners had only their own persuasiveness to fall back on in their efforts to convince management to allocate additional resources to information security staffing. This article provides the results of a recent study that examined the average level of investment in information security staff vis-a-vis other related organizational functions such as data processing and EDP auditing. The results, expressed as ratios of other functional area total staff to information security total staff, are shown by both organizational size and industry. The window for prudent information security staffing levels for U.S. organizations is shown to be rather narrowly defined. The study also indicates that practitioners can easily calculate level-of-staffing ratios to gauge their own organization's level of commitment to information security. This article initiates a conversation about the definition of a generally accepted level of information security staffing.

References (0)

Cited by (0)

View full text