How to Create an Information Security Staffing and Training Solution
As a security manager, one of your responsibilities each year is to create a staffing and security training budget. Whether you have a team of CISM, CISSP, CCSP, and CEH certified professionals or need to budget for CISSP training, a simple skills assessment in Excel will get you started.
Each year, security managers must create a budget covering staffing and IS training. While you may be an expert at information security, budgeting may not be one of your strengths. An excellent way to plan for staffing and IS training budgets is to first identify the security roles needed, such as CISM, CISSP, CEH, CCSP, and so forth, before matching your existing staff with the roles. You’ll soon see where gaps exist and be able to identify the level of computer training needed to get your team into optimal position.
Start with a blank worksheet in Excel or a similar spreadsheet application. In the second cell of the top row, type in the first role (such as CISM). In the next cell, enter the next security role. Continue across until all roles are entered. Format these cells so that the text is oriented 90°. Do the same for training programs directly next to your security roles. For example, you might need SANS Track 2 Training or ISO 27001.
The second row will be your header. In B1, type “Employee.” Next, merge all of the cells beneath your security roles and type in “Certifications.” Now, merge all of the cells beneath the training programs and type in “Information Security Training.”
Finally, list each of your IS employees and place an X in the corresponding certifications and IS training columns. You’ll need the input of each employee to best identify who has which skills. You’ve now identified skills and have a current skills matrix from which to build your training budget.
Now, you’ll need to decide how much to budget for security training per employee. Don’t forget to include your own training needs in this exercise. Ideally, each employee should have at least one training session per year, which could cost between $2500 and $5000 per employee. For example, if you have a team of seven core security team members and a budget of $5000 per person, your annual security training budget would be $35,000. You can enter formulas into your Excel spreadsheet to calculate and total the budget.
It’s even more beneficial if you know the costs of the training while creating the budget. For example, if you know that you’ll need to send Employee A to a Cisco CCSP Boot Camp, find out how much that will cost and base your budget on actual costs. Don’t forget associated travel costs such as airfare, lodging, and meals.
If money is tight, consider cost-effective alternatives such as online CISSP training or CISSP computer-based training courses.
By budgeting your security staffing and training requirements using a matrix like this, not only will you be able to create a workable budget for the coming year, you’ll also identify gaps in your organization’s security levels and be able to address them through training.
If you would like to receive permission to use our articles on your website, you may contact us at permission@kalliance.com.