[unisog] How Many Using RT/RTIR For Incident Reporting & Tracking?

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Fri Mar 31 22:23:52 GMT 2006


On Fri, 31 Mar 2006 16:56:13 EST, Gary Flynn said:

> NYU ITS Security wrote:
> 
> > Proudly replying to the list.
> > 
> > We stood up a full production RT 3.4.4 ticket system in Oct 2005 and 
> > have been very happy with it.  It has handled 5200 tickets in the 5 
> > months since, and is used by the 5 of us on the security team.
> 
> What kind of incidents do you log that create more than 1000
> tickets per month?

It's easy if you're generating tickets for every probe/scan/etc.

What *I* want to know is how the 5 of them handled 5,000 incidents in 5
months.  That's 200 per person per month - assuming 4 50-hour work weeks in
a month, they have to close out an incident an hour on the average.

That's either a *lot* of easily closed out false positives, or spending much
too little time per incident.  In either case, it's burnout waiting to happen.