Are there best practices or staffing models available to assist with setting up a team specific to the management, tracking, compliance and reporting of identified risks and issues? I.e., what's the right ratio of people to identified issues to properly manage those items to completion?

1.1k views, 2 comments

CIO in IT Services, a year ago

Typically, I'll use a 10-15% ratio against revenue for staffing needs (overall team size). Depending on the size of the company, the number of staff will adjust from this starting point. The CISO also needs to consider the organization's cyber maturity score, the tools that have been implemented, their compliance needs and their incident response rates. There is no hard and fast rule here; it's a combination of people, process and technology that lends itself to obtaining the right answer on how to staff.

Chief Information Security Officer in Healthcare and Biotech, a year ago

The ratio of people to identified issues depends on the size and complexity of the business, the nature of the industry, and the level of risk appetite. Organizations should try to achieve a balance between the resource requirements to attend to the identified problems in a timely manner and efficiency and cost-effectiveness.
