
Scoping Sheet - SOC-v2


SOC services Questionnaire

Customer Name :

Business Type :

Contact Details :

# Pre questionnaire

1 Number of Locations where you have presence.


2 Number of Users? If multiple locations, specify number of users per location.

3 Firewall: Make/Model: if multiple, specify the count along with Make and Model

4 Is there an Active Directory in place? If yes, please specify what AD is used and how many users are connected.

5 Are you using 2-Factor authentication? If yes, which provider and how are you using them?

6 Bandwidth up/down

7 Number of Desktops

8 Number of Laptops

9 Number of Windows Servers

10 Number of Linux Servers

11 Number of Web Servers

12 Number of Email Servers

13 VPN Server, if any

14 Number of Switches

15 Number of Routers

16 IPS/IDS (if any)

17 Are you using antivirus, EPP or EDR? If yes, please mention the name of the brand and license type.

18 List of Operating Systems on Computers

19 What other security devices/software is in use on your network?

20 What are you using for Data Backup?

21 Do you utilize any virtualization technology like VMWare, Hyper-V or Citrix?

22 How is the network currently being monitored? 3rd party externally or with internal software? Please be specific with your response.

23 If a SIEM solution is currently in use, what is its EPS/MPS consumption?

24 How are you capturing changes to the network? Policy? Systems?

25 Are you capturing & storing logs now for monitoring or compliance? If yes, please specify log method, storage location(s) and retention policy.

26 What is your Email Service Platform?

27 Are emails scanned/filtered? If so, by what service/solution?

28 Is web filtering employed?


29 Are you using any secure email delivery service? If so, please specify solution/provider.

30 Are you using VoIP?

31 Are you using any other Cloud hosted solutions?

32 Are you using any other SaaS solutions?

33 Do you have a Cybersecurity Awareness practice in your organization? If yes, how often is the training conducted and how often is the phishing simulation done?

34 For mobile devices, are you currently employing Mobile Device Management?

35 What is your current Patching solution and how often do you patch?

36 Are you subject to any regulatory requirements, e.g., PCI, HIPAA, CJIS, DFARS/CMMC etc.?

37 Do you have an active and practiced Incident Response Plan?

38 Do you maintain cyber security insurance?

39 What do you perceive as your major security risks?

40 Have you identified how unauthorized disclosure of your data may occur?

41 Do you store and work with customer PII (Private Identifiable Information)?

42 What are the log sources that you plan to ingest and average daily ingestion volume for the same?

43 What is the time frequency of unique fraud vectors that you encounter in your organization?

# Pre questionnaire (DLP - Data Loss Prevention)


1 What are the current rules in the DLP?

2 What apps are allowed in the environment to upload data (e.g., Microsoft OneDrive, Google Drive, iCloud etc.)?

3 What is the current false positive summary?

4 Is DLP deployed for both on prem & Cloud?

6 How frequently is the DLP policy reviewed?


Log retention period (in days): 180
Total Number of Devices: 0
Total EPS: 0
Total EPS per day: 0
Average Event Size (in KB): 0
Storage per Day (in GB): 0
Total Storage Requirement (in GB): 0

SOC services Questionnaire

Customer Name :
Business Type :
Contact Details :

# Pre questionnaire
1 Detailed Asset Inventory
a. How many laptops are currently in use within your organization?
b. How many desktop computers do you have?
c. Are these endpoints centralized in one location or distributed across multiple sites?
d. What operating systems are these endpoints running (e.g., Windows, macOS, Linux)?
e. How many servers do you operate?
f. What are the roles of these servers (e.g., application servers, database servers, file servers)?
g. What operating systems are installed on these servers?
h. Are your servers hosted on-premises, in the cloud, or both?
i. How many network devices (e.g., routers, switches, firewalls) are part of your infrastructure?
j. What brands and models are these devices?
k. How are these network devices configured in terms of access control and security settings?
l. What critical applications are in use (e.g., CRM, ERP, custom financial applications)?
m. Are these applications web-based, client-server, or a mix of both?
n. What are the primary functions of these applications?
o. How are these applications integrated with your other systems?

2 Data Storage and Management


a. What types of databases are in use (e.g., SQL, NoSQL)?
b. Where is your data stored (on-premises, cloud, hybrid)?
c. What are the sizes of these databases and their growth rates?
d. How is data security managed (e.g., encryption methods, access controls)?

3 Cloud Services
a. What cloud platforms are you using (e.g., AWS, Azure, Google Cloud)?
b. What services are you utilizing on these platforms (e.g., IaaS, PaaS, SaaS)?
c. What are the security controls in place for your cloud environments?

4 Remote Access
a. How do employees access your network remotely?
b. What types of VPN or other secure access technologies are in use?
c. Are there any policies in place regarding remote work and device security?

5 User Access Management
a. How is user access to systems and applications managed?
b. How many user accounts are there, and what are their privilege levels?
c. Are there regular audits of user access rights?

6 Compliance and Audit Requirements


a. Are there specific industry compliance standards you need to meet (e.g., PCI DSS, HIPAA, SOX)?
b. What is your current compliance status, and when was the last audit conducted?
c. What were the findings from the last audit, and have they been addressed?

7 Security Policies and Procedures


a. Do you have documented security policies and procedures?
b. When were these policies last reviewed and updated?
c. How is policy compliance monitored and enforced?

8 Cybersecurity Practices and Frequency


a. How often do you conduct cybersecurity awareness and social engineering training for your staff?
b. How frequently do you perform VAPT?
c. Who conducts these tests (internal team or external vendors)?

9 Security and Compliance Tools


a. What patch management solution is currently utilized?
b. How frequently are patches applied?
c. Are you using any DLP or DRM tools? If yes, please specify the tools and their scope of coverage.
d. Do you have a WAF in place? What technologies or services are you using?

10 Incident Response and Risk Management


a. Do you have an active and practiced Incident Response Plan?
b. When was the last time it was updated or tested?

11 Cybersecurity Insurance
a. Do you maintain cybersecurity insurance? What does it cover?

12 Security Risks
a. What do you perceive as your major security risks?
b. Have you identified specific scenarios for unauthorized data disclosure?

13 Data Management and Privacy


a. Do you store and work with customer PII? How is this data protected?

14 System and Network Monitoring


a. What are the primary log sources you plan to ingest into the SOC?
b. What is the average daily log ingestion volume?
c. How are logs currently captured, stored, and retained?

15 Email and Web Security


a. What platform do you use for email services?
b. Are emails scanned or filtered? If so, by what service or solution?
c. Is web filtering employed in your organization? What tools or services are used?
d. Are you using any secure email delivery services? If so, please specify the solution or provider.

16 Virtualization and Technology


a. Do you utilize any virtualization technology like VMWare, Hyper-V, or Citrix?

Log retention period (in days): 180
Total Number of Devices: 0
Total EPS: 0
Total EPS per day: 0
Average Event Size (in KB): 0
Storage per Day (in GB): 0
Total Storage Requirement (in GB): 0
