Sizing information security and cyber security team

(What should be the number of people who make up the team responsible for information security management and how many cybersecurity?)

Answer: There is no single answer for this question, because the size of the team will depend on the size and complexity of the company's scope.

For small organizations, up to 50 employees, a single person may be sufficient to cover all these needs. For bigger organizations, it may be necessary several persons with specific competencies (e.g. information security, network security, database security, software development security, etc.)

For additional information, please read:
- RACI matrix for ISO 27001 implementation project https://advisera.com/27001academy/blog/2018/11/05/raci-matrix-for-iso-27001-implementation-project/

We've received additional question:

>Gracias por su información, lo que me lleva a la siguiente interrogante: Se aplica igual para entidades bancarias?

>(Thank you for your information, which leads me to the following question: Does the same apply to banks?)

Answer:

The general idea also applies to financial industries, but since it is a highly regulated industry, you should verify if there are any regulations about specific roles to be fulfilled (e.g., for EU GDPR you have to designate a Data Protection Office - DPO).