Gary, From my experience, there is not usually enough work to keep a full-time employee busy. The person who is responsible for forensic analysis of systems will also be responsible for other areas. For example he/she may be part of the incident response team, IDS analysis, policy creation or any number of other security related tasks. It also depends on the size of the company, number of locations and type of industry. What I have experienced is patterns of peaks in workload, it seems like there is an outbreak of investigations all of a sudden and it may taper off until another outbreak. You have to fill the lulls with something! There are pro's and con's on outsourcing vs. in-house. Depending on what your ultimate goal is will determine which is best for you. Some companies do not like to have outsiders involved in the most sensitive areas of the business, while others prefer to have an objective third party involved in case litigation is involved. Also finding a skilled investigator to hire may prove more difficult and expensive then your budget allows. Where as with outside firms you are paying as you need them. One suggestion I would make is to develop the talent in-house. That is how I got my start in the field. Usually you can find someone who has an interest in it. Hope this helps ! Just my .02 Scott Davis -----Original Message----- From: Hasty, Gary [mailto:Gary.Hastyat_private] Sent: Wednesday, July 25, 2001 3:13 PM To: 'forensicsat_private' Subject: in-house computer forensics I have been looking into creating an in-house "forensics"-type position within our legal department. This position would be responsible for overseeing "traditional" forensics work as well as a liaison with IT/Engineering, technical contract review, penetration studies, etc... Question: Anyone else know of a company with such a position? Any details on how well it works to have in-house resources fulltime as opposed to contracting out on a periodic basis? --- Gary M. Hasty, IT Manager Internal Audit BellSouth Corporation 404-249-3057 iPager: garyhastyat_private ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 15:29:03 PDT