Is there a centralized logging service?
Is there a 24/7 alerting, monitoring, and response process?
Do you have any integration with Cloud Security providers? (for example: Cloud App Security of Azure, API to connect with a CASB, etc.)
Is there a formal control monitoring access and changes to System Administrator privileges?
Are servers configured to capture who accessed a system and what changes were made?
Do you have a SIEM or event correlation engine, and is all log data from servers that store and process data sent to the SIEM?
Are regular host-level vulnerability scans performed, and are identified critical vulnerabilities mitigated in a timely manner?