Cyber ratios 2017 v1
1 like732 views
This document contains slides from Pini Cohen's work on cybersecurity staffing ratios. It provides data on typical ratios of cybersecurity personnel to overall employees for regulated and non-regulated organizations. Ratios are given for total cyber staff, operational to guidance staff, analysts, operations personnel, permissions teams, and first level security operations centers. The data is based on a survey conducted by STKI.
Cyber ratios 2017 v1
- 1. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph STKI 2017 Cyber Ratios
- 2. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph FTE ratios are not trivial – cyber roles map Cyber guidance Cyber analysts Infrastructure development Service desk HR NOC outsourcing cyber department
- 3. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph Cyber roles map Regulations Top management cyber risk management high level policy awareness Cyber guidance Cyber analysts Infrastructure development Service desk HR analyst - response team, define siem rules בקרים practical policy (development, suppliers, identity) permission (operations - not policy) cyber tools: FW, dlp, encryption, DBMS FW, EPP (AV), deception cyber related tools: patch management, networking, hardening, privileged account management, email security, data masking, authentication NOC outsourcing
- 4. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph IT from Mars, Finance (regulated) from Venus
- 5. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 5 Cyber personnel • Number of employees divided to total number of cyber related IT personnel for non-regulated orgs (regulations is less than 50% of cyber budget): • First level soc personnel not included (mainly soc service in non- regulated orgs.) Source: STKI # employees / # cyber personnel Per FTE 65625 percentile 1125Median 179275 percentile
- 6. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 6 Cyber personnel: operational/guidance • Number of operational cyber personnel divided to cyber guidance personnel for non regulated orgs (regulations is less 50% of cyber budget): Source: STKI # operational / # guidance Per FTE 1.5825 percentile 2.00Median 2.7575 percentile
- 7. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 7 Cyber personnel • Number of employees (that use computers) divided to total number of cyber related IT personnel for regulated orgs (regulations over 50% of cyber budget): • Cyber personnel include: guidance, cyber analysts, cyber operations, permissions team • First level soc personnel not included, insurance agents (not employees) are not included Source: STKI # employees / # cyber personnel Per FTE 10625 percentile 133Median 15875 percentile
- 8. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 8 Cyber personnel - guidance • Number of employees (that use computers) divided to total number of cyber guidance personnel for regulated orgs (regulations over 50% of cyber budget): Source: STKI # employees / # cyber guidance Per FTE 33825 percentile 410Median 109575 percentile Insurance agents (not employees) are not counted but still get service
- 9. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 9 Cyber personnel – first level SOC • Options for first level SOC operations mode: – In sourcing : 1-2 FTE at work hours, 1 FTE at night. Total is about 6-9 FTE – In sourcing: 1-2 FTE at work hours, at night - part of NOC. Total is about 3-4 FTE – Outsourcing mode - 0 FTE. Source: STKI
- 10. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 10 Cyber personnel – cyber analysts • Number of employees (that use computers) divided to total number of cyber analysts personnel for regulated orgs (regulations over 50% of cyber budget): • Regulated organizations will have minimum 2 cyber analysts (part of SOC or guidance). External response team might be used when needed. Source: STKI # employees / # cyber analysts Per FTE 60025 percentile 667Median 100075 percentile Insurance agents (not employees) are not counted but still get service
- 11. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 11 Cyber personnel - operations • Number of employees (that use computers) divided to total number of cyber operations personnel for regulated orgs (regulations over 50% of cyber budget): • Example for cyber operations activities: FW, network security, email security, DBMS firewall, encryption, authentication, security patches, hardening, etc. • In many cases part of infrastructure technology teams (networking, sytem, PC, etc). Source: STKI # employees / # cyber operations Per FTE 21725 percentile 285Median 50075 percentile
- 12. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 12 Cyber personnel – permissions team • Number of employees (that use computers) divided to total number of permissions team personnel for regulated orgs (regulations over 50% of cyber budget): • Permissions team might be part of service desk, security guidance or security operations Source: STKI # employees / # permissions team Per FTE 46525 percentile 600Median 66775 percentile Insurance agents (not employees) are not counted but still get service