Six basic skill of IT security departement

Every security department, no matter how small, requires the same general set of skills
1. Security administration
2. Policy development
3. Architecture
4. Research
5. Assessment
6. Audit

That is not to say that each security department requires a minimum of six people. On the contrary, the number of people required by a security department depends on many other factors. These skills form the basis of the department's tasks. Another way to describe this skill area is 'security operations'-in other words, the day-to-day operations of security systems within the organization. These systems may be:
• Operating systems security and access control
• Firewalls
• Intrusion detection systems
• Authentication systems
• User accounts
• Vulnerability scanners
• Policy management systems
• Public key infrastructure
• Encryption systems

The potential list of security systems is very large and each organization may have their own configurations. Some organizations place the operations of any and all of these systems under the security department. In these cases, the staff required to manage these systems may be large. For example, organizations that use mainframes with RACF, ACF2, or Top Secret may have the security department administer all user accounts. This may require a staff of six or more people depending on the number of users with accounts on the mainframe.

Source: De Guise, Preston. Enterprise systems backup and recovery