ReadyNine | [email protected] | 500 W. Madison Street, Suite 1000, Chicago, IL 60661

Detection / Prevention

These questions are designed to ensure continuous monitoring, detecting and responding to events.

1. Do you have an MDR, SIEM and/or other solutions monitoring your infrastructure and/or shared infrastructure being used to support client services? Please explain in detail.
2. Log management:
   a. Please describe your log capture, storage and retention process.
   b. Are logs stored offsite and protected from threat actors?
   c. Please describe your log collection and verification process.
   d. Please describe access replay functionality.
   e. Are there insider protections in place against the deletion or modification of logs?
3. Do you require logon banners declaring that the systems contain confidential and proprietary information, and warning of employment action and potential criminal prosecution for any unauthorized access or use of the systems?
4. Are all devices (servers, desktops, laptops, phones, portable USB/Flash drives, etc.) that contain client data encrypted?
   a. If yes, using what encryption mechanisms, key management, access rules and policies?
   b. If no, what compensating controls are in place?
5. Do you block access to known malicious websites?
6. Are you using enterprise-level, centrally managed end-point protection against malware?
7. Do you use DNS / URL reputation services?

A CEO's Guide to Choosing an IT Service Provider - Page 14