[unisog] How Many Using RT/RTIR For Incident Reporting & Tracking?
Valdis.Kletnieks at vt.edu
Fri Mar 31 22:23:52 GMT 2006
On Fri, 31 Mar 2006 16:56:13 EST, Gary Flynn said:
> NYU ITS Security wrote:
> > Proudly replying to the list.
> > We stood up a full production RT 3.4.4 ticket system in Oct 2005 and
> > have been very happy with it. It has handled 5200 tickets in the 5
> > months since, and is used by the 5 of us on the security team.
> What kind of incidents do you log that create more than 1000
> tickets per month?
It's easy if you're generating tickets for every probe/scan/etc.
What *I* want to know is how the 5 of them handled 5,000 incidents in 5
months. That's 200 per person per month - assuming 4 50-hour work weeks in
a month, they have to close out an incident an hour on the average.
That's either a *lot* of easily closed out false positives, or spending much
too little time per incident. In either case, it's burnout waiting to happen.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 228 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20060331/e36a9e48/attachment.bin
More information about the unisog