
Company:

Prepared by:                Date:

Job Title:                  Signature:

Contact No:                 Email Address:

Inquiries related to Cybersecurity    |    Response to inquiries

1. Where does the Cybersecurity Group sit in the organization?

2. What metrics (KPIs, KRIs) does the Cybersecurity Group use?

3. In relation to those metrics, are reports submitted to the Risk Management Group? Are reports submitted to Executive Management? How frequently does this reporting occur?

4. How do you manage cyber risks (including who does what and when), from identification, assessment and analysis through to treatment? Please explain how these cyber risks are translated into, or reflected in, enterprise-wide risks.

5. Who monitors these risks? How does the Cybersecurity Group ensure that the chosen treatment (either mitigation or acceptance) is actually applied?

1. Do you have a Security Operations Centre? If not, who performs monitoring and incident response?

2. What is the coverage of the monitoring (i.e. devices/applications monitored, 24/7, 24/5 or 8/5 operation, location)?

3. What software/tools/solutions are used for monitoring?

4. What security detection capabilities/solutions are in place? Kindly indicate the coverage of each detection capability.

5. What proactive efforts are made to detect and prevent cybersecurity threats? Kindly specify the enablers (i.e. tools, programs/processes).

6. Kindly describe your incident response procedure, from Preparation, Identification, Containment, Eradication and Recovery/Restoration through to Lessons Learned.

7. How are incidents reported to Senior Management? (Describe who does what and when, the escalation matrix and the corresponding thresholds.)

1. Have you encountered any cybersecurity incident which may have directly or indirectly affected your financial systems?

2. Kindly provide the details: what happened, when it happened and the duration of the incident, how it was resolved, and the impact on the organization.

1. Can you describe your Security Awareness program? Kindly list the activities and how frequently each is performed.

2. Have you conducted any Social Engineering exercise to evaluate the security awareness of your employees?

3. Can you describe the process/procedure an employee follows to report a suspected phishing email, scam or malicious link? Once it is reported, what steps are taken before closure?

1. How does Management assess its internal accounting controls in light of risks arising from cyber-related fraud (e.g., BEC scams, spoofing, phishing, etc.)?
