Examples of Security Questionnaires Response from relevant organization staff
Has the current billing system been subjected to any specific security audit or assessment in the last: 6 months / 12 months?
Has there been any incident or case where the current billing system has been compromised (internally or externally)?
Is the current billing system installed behind a firewall? If yes, what firewall is being used today?
Is the current billing system located in a DMZ network(s)?
Is the billing system accessed by end user(s) from outside of the corporate network? If yes, how is this access permitted: what technology is used for end-user remote access (VPN or dial-up RAS)?
Do you know when the last security patch related to the operating system of the billing system was implemented?
Do you know when the last security patch related to the database system of the billing system was implemented?
What anti-virus software or application is being used for the billing system?
Do you know whether the antivirus application is implemented using a "managed" client/server architecture, or in a stand-alone configuration?
Does the integration of the billing system with other systems use web services? If yes, do you know what type of authentication you use for your web services (PubCookie, Windows Integrated, htaccess, etc.)?