Security Operations: Ask This
TLDR: Ask This
1. If you have a help request system, does your help request system work with your security operations center?
2. Does your organization have a formal security operations center or team that actively manages security incidents and events as they are generated?
3. Do you have a need to build out a security operations center (SOC) or will you have a virtual SOC?
4. Do you have the appropriate certification(s); for example, are you certified to security operations management system standards such as ISO 18788?
5. Do you have a dedicated threat hunting platform for your security analysts?
6. Does your system have a protocol to report threats or significant security concerns to appropriate law enforcement authorities?
7. How does your organization coordinate BCM and security operations response to a breach?
8. What level of security depth does your security operations staff possess, and for what support time frames?
9. Do you have a 24x365 security operations center monitoring all systems for potential security issues?
10. How long does it take your security operations team to investigate a threat?
11. How does your organization use intelligence to augment and improve your security and business operations?
12. If you are currently outsourcing security operations to a third party service provider, what benefits have you realized?
13. Based upon your organization's business application plans and IT initiatives, how important is it for your organization to automate its network security operations in the future?
14. How many SIEM/security analytics alerts does your security operations team investigate in a typical day?
15. What security measures does your organization employ to keep your threat intelligence secure?
16. Does your information security policy have the authority it needs to manage and ensure compliance with the information security policy?
17. Does each staff member within the security organization have an accurate job description?
18. How does the need for real time data impact the deployment of your security technology?
19. How do you know that your cybersecurity tools are effective?
20. Do your forensic and actionable intelligence networks integrate with your security information and event management (SIEM) and security operations center (SOC) infrastructure?
21. How has widespread remote work changed how your CISOs have approached the security strategy?
22. What security data is your security operations team gathering and why?
23. How does your organization integrate relevant and actionable intelligence into security operations?
24. How does your organization compare to industry peers based on benchmarking its security maturity curve?
25. How can your security operations workflows benefit from more integration of threat intelligence?
26. How does your organization use security operations products that feature machine learning (ML) and/or Artificial Intelligence (AI) technology?
27. Does your audit program take into account effectiveness of implementation of security operations?
28. What are the sources of external data that your Security Operations team can leverage to develop and maintain its context aware understanding?
29. How is the system integrated with existing security operations centers and infrastructure, such as security cameras, data connectivity, and display systems?
30. How do you actually know when an incident has occurred?
31. Have you developed an adequate public information and media relations plan as part of your event security operations plan?
32. What level of communication is taking place between your security operations team and the cybersecurity ecosystem of employees, senior executives, and third party vendors?
33. How is your organization managing the security operations center in avoiding threat fatigue?
34. Do you have a designated security team and response workflows for handling known threats?
35. How do you ensure that your security programs comply with all policies and requirements?
36. Does everyone with a need to know understand your organization's security plan?
37. Do you have real time visibility and full control of your security and operations?
38. How do you know if your security operations are aligned with your organization's risk?
39. Do project teams have review checklists based on common security related problems?
40. Do you have an integrated security ecosystem to detect zero day threats and advanced malware?
41. With security threats growing in both volume and sophistication, how does your organization keep up without aggressively ramping up the security operations team?
42. Is deception technology in use as an effective cybersecurity solution to help your organization?
43. Are the Incident Response plans, logs and helpdesk ticketing system currently integrated with each other?
44. Does your organization have regular intelligence on who may be targeting your organization, the methods and the motivations?
45. How have you addressed the human factors in ensuring security controls are effective?
46. How does your organization automate and orchestrate security operations tasks?
47. How has the shift to remote working and multi cloud environments affected your Security Operations Center?
48. Do you have full visibility into your security devices log reports?
Organized by Key Themes: SECURITY, RISK, MANAGEMENT, DATA, OPERATIONS, DEVELOPMENT, INCIDENT, TECHNOLOGY, CLOUD, NETWORK:
SECURITY:
What feedback mechanisms exist within your services to capture threat intelligence?
Administer and maintain security systems in the cybersecurity security operations center (CSOC) technology stack, including the security information and event management (SIEM) environment; OT and IT network intrusion detection systems (IDS); endpoint detection and response (EDR) tool; security orchestration, automation, and response (SOAR); cyber threat intelligence platform (TIP); and full packet capture (PCAP) servers across your service territory.
How do you identify which assets are being compromised and what type of data is involved?
Warrant that your organization is involved in a network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments, or be certain that your company is involved in operational technology engineering and security concepts.
Have external information aggregators been evaluated for value in API security operations?
Warrant that your design is involved in Security Information and Event Management (SIEM), Security Operations Center (SOC), endpoint protection, log aggregators, zero trust, and network security processes and tools.
What are the needs for knowledge based systems in the context of managing knowledge?
Provide support to the Security Operations Center during incident response and threat hunting activities that includes cyber threat analysis support, research, recommending relevant remediation and mitigation.
What are the advantages offered by bug bounty programs over normal testing practices?
Check that your workforce is involved in network operations, engineering, or system administration on Unix, Linux, macOS, or Windows; common security operations, intrusion detection systems, Security Incident and Event Management systems, penetration testing, web application assessment, and secure coding practices.
Are development, test and operational facilities separated to reduce the risk of unauthorized access or changes to the operational system?
Interface so that your workforce is responsible for detection capabilities including log management/SIEM, continuous monitoring and network security monitoring, threat hunting, penetration testing, vulnerability scanning, web app scanning, data loss prevention, the security operations center, and threat intelligence.
How can auditors create their own RPA routines to execute more controls efficiently?
Make sure the Cyber Security Operations (SecOps) Engineer operates, maintains, and streamlines the information security team's Incident Response Program (IRP), Security Incident and Event Management (SIEM), automation, and authentication tools.
How do security professionals view AI in terms of its maturity and fundamental capabilities?
Oversee that your staff assists with performing engineering support and system administration of specialized cybersecurity applications, systems and networks in a Cyber Security Operations Center (CSOC) environment to include installation, configuration, maintenance, patching, and back-up/restore.
Do you investigate incidents and actively hunt for emerging threats in the cloud?
Develop experience working with information security teams such as fusion centers, security operations centers, vulnerability assessment, vulnerability threat management, security incident management, cyber hunt, and big data analysis.
RISK:
How has the frequency of malware incidents changed over the past year within your organization?
Check that your organization's project goals could be focused around people, process, or tools concerning IT Service Management (ITIL), HR Information Systems, (internal) customer Service Management, IT Security Operations, IT Governance Risk and Compliance, Facilities, Project and Portfolio Management, IT Financial Management, Organizational Change Management, and/or IT Operations Management oriented topics.
Are intelligence feeds integrated into your defense and response systems and, if so, how?
Safeguard that your operation is performing technical and competitive analysis of Risk, Controls, Third Party Management, Security Operations solutions, including integration with enterprise information security and information technology applications and data feeds.
Is your organization gathering information on cybersecurity capabilities and incidents?
Contribute broadly to advance the capabilities of your Compliance Operations team through integration of governance risk and compliance systems with security operations systems to automate recurring compliance tests or audits.
What are the sources of external data that your Security Operations team can leverage to develop and maintain its context aware understanding?
Certify your company directs strategy to assess and mitigate risk, manage incidents, maintain continuity of security operations and safeguard your organization.
How would you grade your ability to communicate with upper level management, customers, and peers?
Make sure your workforce communicates to executive management on the effectiveness of Security Operations, including policy violations, security risks, progress of all security related remedial actions, and metrics.
Do you have the appropriate certification(s); for example, are you certified to security operations management system standards such as ISO 18788?
Partner with internal Security Operations and Engineering to ensure risks are well understood and proposed countermeasures are effective at mitigating risk.
Who are most responsible for ensuring security objectives are achieved within your organization?
Make sure the CISO is directly responsible for Strategy, Security Operations, Cyber Risk and Cyber Intelligence, Data Loss and Fraud Prevention, Security Architecture, Identity and Access Management, Program Management, Investigations and Forensics, Disaster Response and Business Continuity, Regulatory and (internal) customer Compliance, Personnel, Budget, and Governance.
Which personnel would be involved in the containment, eradication, and/or recovery processes?
Ensure strong technical knowledge required, including security operations, engineering and cybersecurity, endpoint protection, governance, risk and compliance, and identity management.
Are responses to declared incidents developed and implemented according to predefined procedures?
Develop experience working across Security Operations, Risk Oversight, and Audit; such experience is an asset.
Does your organization have a formal security operations center or team that actively manages security incidents and events as they are generated?
Interface so that your company is responsible for the advancement of the information risk strategy to foster an organizational environment that effectively manages information risk.
MANAGEMENT:
Are there work streams that might be better handled through alternative sourcing or managed services?
Invest in establishing a mature and optimized Security Operations Center discipline to support managed security services focused on client-facing vulnerability and security information event management engagements.
How do you identify which assets are being compromised and what type of data is involved?
Make sure your organization is involved in security technologies including Video Surveillance, Access Control, and Incident Management Systems, Security Operations Centers.
Is there password protection in place for employee access to all computers and electronic records?
Safeguard that your company is hiring, managing, and developing the operations management team including compute operations managers, engineering operations managers, logistics operations managers, and security operations managers.
Do you have a security operations center focused on detecting and responding to cyber threats?
Guarantee your organization identifies, develops, and maintains the skills and capabilities of the public safety personnel and security officers at a best-practice level including implementing training programs regarding risk mitigation, security operations, threat assessment, investigations, use-of-force guidelines, and emergency management.
How is the system integrated with existing security operations centers and infrastructure, such as security cameras, data connectivity, and display systems?
Ensure your process draws on consulting expertise in (internal) customer Experience/Service, ITSM, HR Service Delivery, Enterprise Service Management, Business Application Development, or Security Operations.
Is the risk reporting to the board balanced and does it reflect the present and potential future situation?
Make sure the contract supports multiple functional areas, including Desktop Virtualization, IT Service Management, Systems Engineering and IT Security Operations.
How do you get the best work from your subordinates?
Drive strategic cloud operations and build Cloud Center of Excellence maturing management, operations, SLAs and KPIs for critical systems.
Are appropriate implementation and performance measures identified, applied, and analyzed?
Be certain that your group collaborates with program management and facility administrators to establish goals and objectives and develop and implement guidelines, procedures, policies, rules, and regulations to enhance programs and services; uses data to direct decision-making processes; oversees and participates in the development and implementation of activities designed to ensure legislative and program performance measures are met.
What are potential risks involved with implementing security cooperation activities?
Liaison so that your team provides guidance to and works collaboratively with compliance areas, Legal, IT, Planning and Project Execution Units, and the Enterprise Portfolio Management Office to identify and implement improvements in your organization's regulatory process.
What areas/processes of the business represent the most impact to revenue if the service is lost?
Represent the Incident Response team for Proactive Threat Management triage and engagement.
DATA:
What is your management system around data isolation that would lead to data privacy?
Develop and mature ICS Security Operations Center (SOC), identify anomalous behavior, perform data analysis, and lead incident response activities.
What would it cost to have an outside organization to perform monitoring of target systems?
Ensure involvement (strongly preferred) in assessing or building end-to-end cybersecurity solutions, including data protection solutions, security incident and event monitoring platforms, threat and vulnerability programs, security operations centers, and other cybersecurity solutions.
How do you keep up with real time monitoring, threat detection and malicious code detection without being flooded by false positives?
Interface so that your operation oversees the enterprise level components of the programs and partners closely to integrate with the Security Operations team on operational components of Application Security testing and monitoring and Data Loss Prevention tuning and monitoring.
What happens when the endpoint is no longer connected to your corporate network or Internet?
Work closely with security operations in the identification, escalation, and resolution of all data security related incidents.
Which background describes your role before you became involved in security awareness?
Ensure your design is involved in security operations, data analytics, forensic analysis, fraud detection, cyber intelligence.
What level of security depth does your security operations staff possess, and for what support time frames?
Consume both qualitative and quantitative data sources to produce threat monitoring tactics and monitoring strategies to support the needs of technology and business audiences.
How do you support audit/compliance requirements?
Support major M&A transactions and complex strategic initiatives to ensure accountability for both data and privacy legal/regulatory compliance and strategic advising; this includes providing advice on secure, confidential and compliant exchange of data during negotiations and due diligence, performing due diligence activities and advising on data and privacy related risks and possible remediation, providing input for agreements and support during negotiations, and advising on and supporting post-close remediation and integration actions.
What processes are you using to detect vulnerabilities within your control system networks?
Liaison so that your process has involvement utilizing geographic information system and data visualization tools.
What percentage of your organization's IT personnel support IT security operations?
Liaison so that your design designs and develops maintenance applications to support the data integration solutions.
How has the severity of malware incidents changed over the past year within your organization?
Develop experience gathering and analyzing data to create metrics that support positive change and continuous improvement recommendations.
OPERATIONS:
How does your organization monitor its production database servers to detect suspicious activity?
Make sure the Security Operations Analyst is responsible for assisting with the full life cycle of security operations, including identifying and analyzing potential threats, supporting prevention and detection methodologies, assisting with incident response and monitoring functions, as well as continuously recommending improvements to security operations.
How do you evaluate the effectiveness of your organization's cyber risk program?
Make sure the Tech Lead, IT Security Operations Engineer supports the Manager, Information Security Operations, IT departments, and Risk Management by researching technologies, remediating security vulnerabilities, oversight of system patching, and conducting security oversight functions.
What are the licensing conditions that licensed cybersecurity service providers have to comply with?
Develop experience working with Security Operations and Engineering teams to provide input for regulatory and security audit items.
How would you rate your vulnerability or risk posture against targeted threats and attacks?
Provide recommendations on analysis techniques and enhancements to security operations to identify and defend against attacks.
Is the IT system or its information used to support any activity which may raise privacy concerns?
Make sure the VP of Managed Services is responsible for overall quality of implementations, security operations, ongoing support, and related services for your (internal) customers.
What controls are in place already that may mitigate the risk of the vulnerability?
Be sure your strategy is responsible for monitoring intelligence sources including news and social media to identify risks, build social intelligence, and mitigate risks to Company operations through communication and advisories to impacted business units.
What factors affect your organization's decision to support that level of investment?
Provide direct support of management functions including Human Relations, Business Development, Operations and Finance, corrective actions, and adherence to organization policy.
What support, either administrative or technical assistance, did you receive in your previous positions?
Be proactive during operations or crisis response to provide intelligence to support operations as well as to ensure that operations tracking systems are up to date during a crisis or event.
How do you evaluate and optimize your data collection capability?
Be confident that your team performs routine (journey level) managerial work administering the daily operations and activities of your organization's business function, division, or department.
How does the overall protection system operate to accomplish its routine and emergency tasks?
Interface so that your organization coordinates, monitors, and evaluates program activities and operations; ensures compliance with laws, rules, regulations, policies, procedures, and standards; oversees the preparation of and review of forms and records; oversees the preparation of or prepares management and operational reports; oversees the preparation of or prepares serious and critical incident reports and debriefing reports; collaborates with program management and facility administrators in establishing goals and objectives and in the development of guidelines, procedures, policies, rules, and regulations; develops schedules, priorities, and standards for achieving goals; uses data to direct decision-making processes; and assists with the development and evaluation of budget requests.
DEVELOPMENT:
How do you determine the required reaction times for services?
Support the development of Security Operations Center orchestration to reduce incident detection to response times.
Can most project teams access automated code analysis tools to find security problems?
Serve as the Integrated Systems Development Security Operations (DevSecOps) IT specialist responsible for developing and conducting automated testing.
Do you have a segmented manufacturing network that controls devices that power and run the manufacturing operations?
Oversee that your workforce is responsible for the strategy, development and deployment of the comprehensive physical security operations program for your owned and leased facilities including offices, warehouses and distribution and manufacturing facilities.
Is your organization retaining security data for longer periods of time now than it did in the past?
Invest in the development and maintenance of various security operations services including vulnerability scanning, configuration assessments, and anomaly detection.
Does your organization have a written policy or process for each web privacy practices?
Operationalize the development, improvement and operational management of Security Operations, Monitoring and Incident Response practices, processes and solutions.
Is your organization able to allocate appropriate resources to support current risk management policy and practice?
Be certain that your team is owning business partner relationship with IT development support team and any vendor relationships.
Will there be a commitment from organization leadership to continue with AI systems?
Make sure your team is using applications and equipment knowledge to lead front line business development activities.
What best defines your level of involvement in your organization's IT Security operations?
Manage the strategy, development and ongoing implementation of a Partner Support team that incorporates varying contract and program requirements.
How do you assess the security of individual products relative to the security of the system as a whole?
Develop experience evaluating software development risk using relevant factors to assess the business impact.
Have you paid for an outside organization to assist with incident investigations?
Make sure your process works at an enterprise level and in cross functional teams to invest in the development of strategic and enterprise plans.
INCIDENT:
Is there a current security plan in place that addresses policies for access control and emergency response?
Perform data modelling and data prioritization exercises in order to manage and forecast storage capacity requirements and performance for solutions critical to the Security Operations Centers and Incident Response.
Does each project team have access to secure development best practices and guidance?
Liaison so that your organization works with the Incident Response and Automation organizations to improve detection capabilities proactively, drawing on best practices and on lessons learned from post mortems and feedback.
How do you optimally design, configure, and deploy a cloud environment to support your compute workloads with the most resilient, scalable, and cost efficient approaches?
Secure that your organization provides first contact and incident resolution to (internal) customers with H/W, S/W, and application problems, including both (internal) customer telephone support and electronically submitted requests.
How have you ensured a team understands how its work connects into the work of your organization?
Assure your team leads complex threat assessment and consults leadership on incident impact and risk exposure.
How are you doing on the MFA front when it comes to securing critical cloud accounts?
Develop experience using open source tools and techniques to collect and analyze information pertaining to threat/risk assessments, personnel or incident investigations, and/or geopolitical developments.
With security threats growing in both volume and sophistication, how does your organization keep up without aggressively ramping up the security operations team?
Participate in an on call rotation with the Incident Handling team to ensure (internal) customers are fully supported.
What are the main benefits of using a threat hunting platform for security analysts?
Interface so that your workforce is dispatching and coordinating response to incidents that occur on organization premises, or events, using the appropriate communication methods.
How do you assess the security of individual products relative to the security of the system as a whole?
Invest in or perform incident response technical activities to minimize impact to your organization.
How can auditors create their own RPA routines to execute more controls efficiently?
Set up, conduct, and execute after action activities for cross functional area incident response activities.
Can commercial industry participate to help develop requirements for commercial components?
Develop experience or evident knowledge in Incident response, log analysis and PCAP analysis.
TECHNOLOGY:
Is your organization aware of the potential vulnerabilities in its ICS/SCADA environment?
Check that your design oversees all technology and IT security operations and projects for your organization to ensure 24/7/365 availability and uptime.
Do access control procedures and policies exist to support the access control policy?
Guarantee your workforce develops, communicates and champions an effective and scalable framework for technology issue submission with measurable Service Level Agreements (SLAs) and Key Performance Indicators (KPIs) to support business strategy aimed at improving (internal) customer technology support in the organization.
What mitigation measures or redundancies exist to protect the asset or the function it serves?
Safeguard that your team is accountable for technology incident management, problem management, and change management, and serves as the escalation contact for breached incidents and requests.
Does your organization have a formal security operations center or team that actively manages security incidents and events as they are generated?
Make sure your team identifies, evaluates, and manages third party vendors, technology or processes for integration with information technology systems.
What best defines your organizational role or function with respect to its cybersecurity program?
Establish that your staff owns the Technology Helpdesk strategy and execution, defines Key Performance indicators for infrastructure teams service delivery.
Is most of your development staff aware of future plans for the assurance program?
Combine business needs, vendor roadmaps and technology trends to develop Enterprise Analytics platform and product roadmaps and future state architecture diagrams.
What are the key drivers for producing performance reporting within your organization?
Ensure completion of Integration Facility testing and deployment of information technology requirements.
How does your organization use intelligence to augment and improve your security and business operations?
Be sure your company is leveraging, developing, and/or managing technology solutions to enable and improve (internal) client solutions.
CLOUD:
How do you determine the right level of investment?
Build experience managing network Security Operations Center (SOC) operations as an engineer or operator, including firewalls, intrusion detection, encryption, monitoring, vulnerability scanning, and authentication solutions for traditional and cloud-hosted IT systems.
Have you directly participated in a leadership role in a Crisis Management situation?
Lead the Security Operations Branch on incident response actions for security incidents affecting the multi cloud environment.
Are there designated people and procedures in place for monitoring the early warnings of increasing threat levels and an escalation of security efforts in response?
Interface with cloud DevOps teams and security operations teams for maturing cloud security monitoring operations.
How do you reduce the cost and risk of your solution?
Implement modern, cloud specific processes for cloud service portfolio management, new service intake, cloud operations, cloud monitoring, cloud issue management, cloud cost management, cloud financial operations, security operations, cloud service assembly and cloud service catalog.
Is employee and management training support provided to address changing security needs and emerging threats and enhance skill levels?
Partner with division and department leaders and partners to help establish governance processes to enable automation and support Agile delivery and migration to Cloud.
How do you ensure the ethical development of AI?
Develop experience implementing network segmentation, firewalls, and cloud computing architecture designs.
How do you provide metrics, such as information about threats that have been blocked?
Provide leadership for the cloud architecture strategy and resolution of architectural issues.
How do you know if your security operations are aligned with your organization's risk?
Confirm that your staff is skilled in Python and implementing Infrastructure or Policy as Code (CloudFormation, Terraform, OPA).
Can project teams access automated code analysis tools to find security problems?
Monitor multiple cloud and on-prem environments through manual and/or automated tools and processes.
NETWORK:
What specific technical areas do you have that can support deployment of AI technologies?
Proactively monitor, maintain, manage and support network and security operations infrastructure throughout the enterprise.
How do you determine the required reaction times for services?
Implement event driven bidirectional data exchange capabilities between network and security devices to control network access and improve response times to cybersecurity incidents.
Do you have an approved policy, strategy, plan and budget for securing the product/service?
Perform reviews and assessments, and make recommendations with respect to network security model in accordance with approved compliance standards.
Are the majority of the protection mechanisms and controls captured and mapped back to threats?
Work with Network Operations Center Field Ops (internal) customer Support to drive accountability and recommend process improvement where necessary.
How do you optimally design, configure, and deploy a cloud environment to support your compute workloads with the most resilient, scalable, and cost efficient approaches?
Ensure you have involvement with networking, topology, infrastructure specifically with IPv6 security requirements.
How have you addressed the human factors in ensuring security controls are effective?
Integrate enterprise, regional, and local IT systems ensuring current network operations are sustained or oversee the recovery.
Do reporting activities include the performance of security measures, procedures or controls?
Maintain a database of site and circuit information which can be used for incident management, circuit inventory management and reporting on overall Wide Area Network bandwidth capacity.
Are development, test and operational facilities separated to reduce the risk of unauthorized access or changes to the operational system?
Guarantee your organization develops, promotes, and maintains standards for enterprise network systems, project management, technical system configuration, systems integration, testing, and training, and oversees these processes for implementations, upgrades, and other system changes.
How do you balance human insight and machine generated prediction to optimize CX?
Oversee enterprise network architectural analysis, to include Analysis of Alternatives (AoA), for feasibility, thoroughness, security, reliability and provide recommended action to the organization program management team.
How are big data platforms used to support the collection/analysis of network and endpoint data?
Assure your company coordinates resources to meet (internal) customer expectation for a portfolio of projects, change requests, maintenance activities and support tickets related to enterprise network systems.