Mikhail Styugin, head of the information security automation department at Positive Technologies, said at the Infoforum that large Russian companies need many more information security specialists to monitor threats. However, on average, this is done by a staff of one to 10 people. "Very often we have a situation where only one person monitors this. He does not investigate incidents as such; he looks for violations of internal security regulations that need to be responded to," added Mikhail Styugin.
He also calculated how many incidents a team of 10 people can close per day: "If a company has 10 people, then that's not bad. However, it's still not enough. For successful work, you need many times more specialists. 10 people on shift is about 57 man-hours per day, which we have for investigating and responding to an incident. In total, the infrastructure generates an average of 600 to 3,000 suspected incidents per day. Each processing takes about seven minutes. Thus, the maximum resource of the analyst team is 488 processings per day with an 8-hour working day. Therefore, without automating some processes, it is impossible to cover the threat model of a large corporation."
Alexander Dvoryansky, Director of Information Security at Element JSC (microelectronics manufacturer), explained the reason for the shortage of specialists: "There is indeed an acute shortage of qualified specialists and analysts for analyzing information security incidents in the information security monitoring center (SOC). This is due to the rapid development and expansion of the functionality of commercial SOCs. One of the options for solving the personnel problem is precisely the automation of responses to typical non-critical incidents. Most of them are processed automatically, and only truly critical incidents are monitored by an analyst. At the moment, the leaders are companies that have automated responses to the maximum possible number of incidents."
Andrey Mishukov, CEO of the information security integrator company iTPROTECT, explained how many people a team of specialists should consist of: "According to our estimates, the financial sector has enough employees to monitor and ensure information security, with the exception of small banks. The situation is similar in telecom and high-tech companies. But most other corporations really do have a shortage of specialists in various areas of cybersecurity. If we are talking about small businesses, then one employee is enough. But for medium and large ones - up to 1,000 employees - at least three specialists are required in the cybersecurity team. In cases where over 1,000 people work, at least one specialist should be added to the team for every thousand. In order to develop and improve the information security management system, you need to either attract an integrator who will perform some of the functions, or increase the team and strengthen it in areas that require development."
Deputy Director for Business Development at Angara SOC Cyber Resilience Center Artem Gribkov described what the staff shortage could lead to: "In accordance with the Labor Code of the Russian Federation, at least seven people are required to organize one 24-hour on-call shift of analysts. Depending on the size of the organization and the number of assets, several such shifts may be required. In addition, senior threat analysts, shift managers, and specialists responsible for the maintenance and operation of monitoring systems are needed. Thus, the composition of such a unit can reach 15-20 people. At the same time, specialists must have a high level of expertise. It is hardly possible to provide Russian companies with such a number of personnel. This situation leads to the growing popularity of external service providers offering services for monitoring and responding to information security incidents."