The following material is part of an actual risk assessment document used by a foreign financial company. Does your company manage risk systematically?
|Risk Area||Interview Question||Interview Results|
Describe the tools and processes that will be used to monitor network, system, and application performance.
Describe the tools/hardware/software in place to enhance system performance (e.g. load balancers, redundancy, etc.).
What are the gaps in your current ability to proactively monitor network system performance and application performance?
We have separate custom-built monitoring and tool systems watching all the applications and components.
Does the service provider use write-once technology for storing audit trails and security logs? If not, who may alter these logs?
Does the service provider have documented procedures for evaluating security alerts from operating system and application vendors and for installing security patches and service packs?
Is the operating system on production servers hardened (e.g. web, application, database)? Is there a documented policy for this?