How many exercises are performed annually?
In case of an incident, do you have a procedure in place to transfer forensic data for investigation?
Do you maintain real time anomaly detection capabilities across mission critical networks?
Do you maintain human resources capable of performing research over anomalies discovered?
Establish and maintain a cyber incident response team that can investigate an issue physically or virtually at any location within 24 hours.
Do you perform unannounced operational exercises to demonstrate technical and procedural responses?
Do you deploy tools that enable telemetry, log collection and forensic data capture for endpoints/servers and the network?
Is there a company incident response policy which specifically outlines requirements for handling of incidents involving ‘s data?
Please describe the SOC operating procedures (monitoring, skills, detection, IR).
Do you address attacker TTP (tactics, techniques, and procedures) in incident response planning and execution?