OSEC

From: Ron Gula (rgulaENTERASYS.COM)
Date: Wed Jan 17 2001 - 13:34:44 CST

    Hello Al,

    For our customers with the Dragon IDS, I see organizations
    of about 3000 people deploying anywhere between 2 to 8
    dedicated security folks. There are grey areas such as the
    relationship to physical security, who runs/operates the
    firewalls and who does incident response. But to answer
    your questions based on our type of customers it would be:

    >Does your organization have a dedicated ID staff?

    Yes. Most do.

    >If so, how large is this staff? If not, where do you
    >draw the staff from?

    2 - 8 people with mixed skill sets. Either the 2 people
    are 'experts' or the 8 people have specific focuses such
    as firewalls, NT systems, etc.

    >What skills do you look for in ID staff?

    Familiarity with security threats and operational experience.
    I've seen a lot of brilliant security folks not do well
    working with other folks.

    >Is the ID staff integrated with the incident response
    >staff?

    Yes, but there is usually a break between folks who run
    the IDS stuff and folks who do things like physical investigations
    of employee computers.

    One other thought that you should consider (if you have not)
    is the possibility of a managed IDS solution.

    Ron Gula
    VP IDS Products
    Enterasys Networks
    http://www.enterasys.com/ids
    http://www.securitywizards.com

    At 03:04 PM 1/17/01 -0000, you wrote:
    >My company (an organization of approximately 3000
    >people in the financial industry and which is doing an
    >increasing amount of business on the Internet) is
    >currently putting together a plan for an intrusion
    >detection and incident response capability.
    >
    >I am curious to hear what other organizations of a
    >similar size are doing regarding staffing such a
    >capability.
    >
    >Does your organization have a dedicated ID staff?
    >
    >If so, how large is this staff? If not, where do you
    >draw the staff from?
    >
    >What skills do you look for in ID staff?
    >
    >Is the ID staff integrated with the incident response
    >staff?
    >
    >If anyone has a job description for members of such
    >a staff that they would be willing to post, that would be
    >great.
    >
    >I look forward to some interesting discussion on this
    >topic!
    >
    >Al