다음 자료는 모 외국계 금융회사에서 사용하는 실제 리스크 평가 자료의 일부입니다. 여러분의 회사는 리스크 관리를 체계적으로 하나요?
Operational Risk
| Risk Area |
Interview Question |
Interview Results |
|
Performance Management
|
-
Describe the tools and processes that will be used to monitor network, systemm, and application performance.
-
Describe the tools/hardware/software in place to enhance system performance (e.g. load blancers, redundancy, etc.).
-
What are the gaps in your current ability to proactively monitor network system performance and application performance?
|
-
We gave separate custom built monitoring and tool systems watching all the applications and components
-
N.A.
|
|
Operations
|
-
Does the service provider use write-once technology for storing audit trails and security logs? If not, who may alter these logs?
-
Does the service provider have documented procedures for evaluating security alerts from operating system and application vendors and for installing security patches and service packs?
-
Is the operating sysstem on production servers hardened (e.g. web, application, database)? Is there a documented policy for this?
|
|