- Is there a rule of thumb (or best practice) regarding the number of persons in the IT departement?
- Is there a ratio? (eg. 1 IT support for every 100 users)
- Is it industry-dependent? (eg. banking, telecommunication, manufactuing, retail, government)
- Is there a common (organization) structure? eg. help desk, technical support, planning, development, QA, security.
My current interest is finding the right structure for an IT security unit (departement, team).
- Should security be part of the IT departement? or Audit? or directly under CEO (which means there should be a Chief Security Officer)? or ad hoc?
- What is the best structure of a security unit? help desk, support, incident handling, etc.?
- How many people and what are the requirements?
- Is security certification important?
I need pointers, references, reading materials, and examples.