The Ultimate Guide to Choosing WordPress Pros and Cons
Cyber ratios 2017 v1
1. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph
STKI 2017 Cyber Ratios
2. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph
FTE ratios are not trivial – cyber roles map
Cyber
guidance
Cyber
analysts
Infrastructure
development
Service desk
HR
NOC
outsourcing
cyber department
3. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph
Cyber roles map
Regulations
Top management
cyber risk management
high level policy
awareness
Cyber
guidance
Cyber
analysts
Infrastructure
development
Service desk
HR
analyst - response team,
define siem rules
בקרים
practical policy
(development, suppliers,
identity)
permission (operations - not policy)
cyber tools: FW, dlp, encryption,
DBMS FW, EPP (AV), deception
cyber related tools: patch
management, networking, hardening,
privileged account management, email
security, data masking, authentication
NOC
outsourcing
4. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph
IT from Mars, Finance (regulated) from Venus
5. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 5
Cyber personnel
• Number of employees divided to total number of cyber related IT
personnel for non-regulated orgs (regulations is less than 50% of cyber
budget):
• First level soc personnel not included (mainly soc service in non-
regulated orgs.)
Source: STKI
# employees / #
cyber personnel
Per FTE
65625 percentile
1125Median
179275 percentile
6. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 6
Cyber personnel: operational/guidance
• Number of operational cyber personnel divided to cyber guidance
personnel for non regulated orgs (regulations is less 50% of cyber
budget):
Source: STKI
# operational / #
guidance
Per FTE
1.5825 percentile
2.00Median
2.7575 percentile
7. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 7
Cyber personnel
• Number of employees (that use computers) divided to total number of cyber related
IT personnel for regulated orgs (regulations over 50% of cyber budget):
• Cyber personnel include: guidance, cyber analysts, cyber operations, permissions
team
• First level soc personnel not included, insurance agents (not employees) are not
included
Source: STKI
# employees / #
cyber personnel
Per FTE
10625 percentile
133Median
15875 percentile
8. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 8
Cyber personnel - guidance
• Number of employees (that use computers) divided to total number
of cyber guidance personnel for regulated orgs (regulations over
50% of cyber budget):
Source: STKI
# employees /
# cyber
guidance
Per FTE
33825 percentile
410Median
109575 percentile
Insurance agents (not employees) are not counted but still get service
9. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 9
Cyber personnel – first level SOC
• Options for first level SOC operations mode:
– In sourcing : 1-2 FTE at work hours, 1 FTE at night. Total is about 6-9 FTE
– In sourcing: 1-2 FTE at work hours, at night - part of NOC. Total is about
3-4 FTE
– Outsourcing mode - 0 FTE.
Source: STKI
10. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 10
Cyber personnel – cyber analysts
• Number of employees (that use computers) divided to total number of
cyber analysts personnel for regulated orgs (regulations over 50% of
cyber budget):
• Regulated organizations will have minimum 2 cyber analysts (part of
SOC or guidance). External response team might be used when needed.
Source: STKI
# employees / #
cyber analysts
Per FTE
60025 percentile
667Median
100075 percentile
Insurance agents (not employees) are not counted but still get service
11. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 11
Cyber personnel - operations
• Number of employees (that use computers) divided to total number of cyber
operations personnel for regulated orgs (regulations over 50% of cyber budget):
• Example for cyber operations activities: FW, network security, email security, DBMS
firewall, encryption, authentication, security patches, hardening, etc.
• In many cases part of infrastructure technology teams (networking, sytem, PC, etc).
Source: STKI
# employees / #
cyber operations
Per FTE
21725 percentile
285Median
50075 percentile
12. Pini Cohen’s work Copyright@2016. Do not remove source or attribution from any slide or graph 12
Cyber personnel – permissions team
• Number of employees (that use computers) divided to total number of
permissions team personnel for regulated orgs (regulations over 50%
of cyber budget):
• Permissions team might be part of service desk, security guidance or
security operations
Source: STKI
# employees / #
permissions team
Per FTE
46525 percentile
600Median
66775 percentile
Insurance agents (not employees) are not counted but still get service