Detection / Prevention These questions are designed to ensure continuous monitoring, detecting and responding to events. 1. Do you have an MDR, SIEM and/or other solutions monitoring your infrastructure and or shared infrastructure being used to support client services? Please explain in detail. 2. Log management: a. Please describe your log capture, storage and retention process. b. Are logs stored o昀昀site and protected from threat actors? c. Please describe your log collection and veri昀椀cation process. d. Please describe access replay functionality. e. Are there insider protections in place against the deletion or modi昀椀cation of logs? 3. Do you require logon banners declaring that the systems contain con昀椀dential and proprietary information, and warning of employment action and potential criminal prosecution for any unauthorized access or use of the systems? 4. Are all devices (servers, desktops, laptops, phones, portable USB/Flash drives, etc.) that contain client data encrypted? a. If yes, using what encryption mechanisms, key management, access rules and policies? b. If no, what compensating controls are in place? 5. Do you block access to known malicious websites? 6. Are you using enterprise level, centrally managed end-point protection against malware? 7. Do you use DNS / URL reputation services? Questions To Ask Your MSP | 14