What is involved in Managed Security Service Provider
Find out which related areas Managed Security Service Provider connects with, associates with, correlates with or affects, and which of them require thought, deliberation, analysis, review and discussion. This checklist stands out in that it is not designed to give answers per se, but to engage the reader and lay out a Managed Security Service Provider thinking frame.
Start the Checklist
Below you will find a quick checklist designed to help you think about which Managed Security Service Provider related domains to cover and 205 essential critical questions to check off in that domain.
The following domains are covered:
Managed Security Service Provider, Managed security service, 24/7 service, Check Point, Cloud computing, Computer appliance, Customer premises equipment, Data theft, Denial of service, Dial-up Internet access, Electronic mail, Email filtering, IT professionals, IT security, Information Systems Security, Information security, Information security operations center, Internet Service Providers, Internet security, Internet service provider, Intrusion detection, Intrusion detection system, Network administrator, Network security, North America, Point of Presence, Security as a service, Security audit, Security policies, Service provider, Social engineering, US West, Virtual Private Network.
Managed Security Service Provider Critical Criteria:
Consider Managed Security Service Provider planning and point out improvements in Managed Security Service Provider.
– Encryption helps to secure data that may be stored on a stolen laptop but what about the sensitive data that is sent via e-mail or downloaded to a USB device?
– During the last 3 years, have you been the subject of an investigation or action by any regulatory or administrative agency for privacy related violations?
– Do you have a written business continuity/disaster recovery plan that includes procedures to be followed in the event of a disruptive computer incident?
– What is your estimated recovery time for critical systems to restore operations after a cyber attack or other loss/corruption?
– In the next 12 months will you accept, store, process, or exchange credit/debit card transaction information?
– Does your company have a current information security policy that has been approved by executive management?
– Are user accounts audited regularly to determine whether their security levels are appropriately set?
– Is anti-virus software installed on all computers/servers that connect to your network?
– Do you regularly audit 3rd parties with whom you have data sharing agreements?
– In the managed security scenario, is there a periodic reporting procedure?
– Is your security policy reviewed and updated at least annually?
– Do you have any data sharing agreements with any 3rd parties?
– Do you require sub-contractors to carry E&O insurance?
– Have you had a security audit performed in the past?
– Response: What should the response to incidents be?
– Who has authority to customize contracts?
– Indemnification Clause to your benefit?
– Should You Place Security Within IT?
– What can be self certified?
Managed security service Critical Criteria:
X-ray Managed security service strategies and describe the risks of Managed security service sustainability.
– Do you have written clearance procedures in place regarding use, licensing, and consent agreements for third party content used by you in your products or services and on your website or in your promotional materials?
– Is there an appropriately trained security analyst on staff to assist in identifying and mitigating incidents involving undetected malware?
– Is data (i.e. personal information) encrypted on laptops and other mobile devices used for storing and transferring data?
– If Data and/or Private Information is not in electronic form, what precautions are taken to ensure its security?
– Are systems regularly audited to identify inappropriate code and/or applications that have been installed?
– Do you sell or share the personal subscriber/customer information with other unaffiliated 3rd parties?
– In the past 12 months, have you had layoffs or do you anticipate layoffs in the coming 12 months?
– Do you have legal review of your content performed by staff or outside attorney?
– Do you monitor log files on a regular basis to help spot abnormal trends?
– Do you have log/event monitoring solutions in place today?
– Is the anti-virus software package updated regularly?
– Where do I send suggestions for waiver amendments?
– What is the average contract value and duration?
– Can Managing Enterprise Security Be Made Easier?
– Is sensitive information involved?
– Security Considerations - What?
– Do you have VoIP implemented?
– Do you have remote users?
– Should you hire a hacker?
24/7 service Critical Criteria:
Concentrate on 24/7 service tactics and question.
– At what point will vulnerability assessments be performed once Managed Security Service Provider is put into production (e.g., ongoing Risk Management after implementation)?
– Does Managed Security Service Provider create potential expectations in other areas that need to be recognized and considered?
– What new services or functionality will be implemented next with Managed Security Service Provider?
Check Point Critical Criteria:
Systematize Check Point outcomes and find out.
– Can we do Managed Security Service Provider without complex (expensive) analysis?
– What are the Key enablers to make this Managed Security Service Provider move?
– What are the business goals Managed Security Service Provider is aiming to achieve?
Cloud computing Critical Criteria:
Think about Cloud computing goals and probe using an integrated framework to make sure Cloud computing is getting what it needs.
– Security and authentication technologies, allied to event logging, in the cloud computing environment can help auditors as they deal with issues related to workflow: were those who entered, approved, changed or otherwise touched data authorized to do so, on an individual, group or role-related basis?
– Well-defined, appropriate concepts of the technology are in widespread use, the technology may have been in use for many years, a formal mathematical model is defined, etc.)?
– What impact has emerging technology (e.g., cloud computing, virtualization and mobile computing) had on your company's ITRM program over the past 12 months?
– Time to market improvements. Will the move to cloud computing shorten the time it takes to deliver functional enhancements to end users?
– What are some common barriers to exiting or transitioning from a cloud computing service provider and how can they be addressed?
– Have you considered that metrics collection, and system performance and security monitoring are more difficult in the cloud?
– For a customer-facing application, is the move to cloud computing expected to increase the number of customers accessing it?
– What are the existing or planned mechanisms to assess the interoperability of different vendor implementations?
– How should we report on the geographic location (street address) for cloud computing solutions?
– What are the implications of cloud computing to enterprise application integration?
– When is utility computing preferable to running a private cloud?
– What should telcos be focusing on in 5-10 years?
– Resource provisioning algos in cloud computing?
– What is scalability and why is it important?
– Can we accelerate DevOps with Hybrid Cloud?
– What Is the Lifecycle Services Framework?
– What problems does cloud computing solve?
– What is a benefit of cloud computing?
– Cloud computing: could it cost more?
– FedRAMP approved/compliant?
Computer appliance Critical Criteria:
Brainstorm over Computer appliance engagements and inform on and uncover unspoken needs and breakthrough Computer appliance results.
– For your Managed Security Service Provider project, identify and describe the business environment. Is there more than one layer to the business environment?
– Do the Managed Security Service Provider decisions we make today help people and the planet tomorrow?
– Have all basic functions of Managed Security Service Provider been defined?
Customer premises equipment Critical Criteria:
Model after Customer premises equipment governance and modify and define the unique characteristics of interactive Customer premises equipment projects.
– Do several people in different organizational units assist with the Managed Security Service Provider process?
– Are we Assessing Managed Security Service Provider and Risk?
– Why are Managed Security Service Provider skills important?
Data theft Critical Criteria:
Powwow over Data theft visions and prioritize challenges of Data theft.
– Think about the people you identified for your Managed Security Service Provider project and the project responsibilities you would assign to them. What kind of training do you think they would need to perform these responsibilities effectively?
– What are your most important goals for the strategic Managed Security Service Provider objectives?
Denial of service Critical Criteria:
Group Denial of service goals and cater for concise Denial of service education.
– An administrator is concerned about denial of service attacks on their virtual machines (VMs). What is an effective method to reduce the risk of this type of attack?
– How easy would it be to lose your service if a denial of service attack is launched within your cloud provider?
– What other jobs or tasks affect the performance of the steps in the Managed Security Service Provider process?
– How do we identify specific Managed Security Service Provider investment and emerging trends?
– What ability does the provider have to deal with denial of service attacks?
– Is Managed Security Service Provider Required?
Dial-up Internet access Critical Criteria:
Discourse Dial-up Internet access decisions and optimize Dial-up Internet access leadership as a key to advancement.
– Is maximizing Managed Security Service Provider protection the same as minimizing Managed Security Service Provider loss?
– What are our needs in relation to Managed Security Service Provider skills, labor, equipment, and markets?
Electronic mail Critical Criteria:
Investigate Electronic mail visions and catalog Electronic mail activities.
– How do you incorporate cycle time, productivity, cost control, and other efficiency and effectiveness factors into these Managed Security Service Provider processes?
– Think about the functions involved in your Managed Security Service Provider project. What processes flow from these functions?
– How do we know that any Managed Security Service Provider analysis is complete and comprehensive?
Email filtering Critical Criteria:
Do a round table on Email filtering strategies and find out.
– How do you determine the key elements that affect Managed Security Service Provider workforce satisfaction? How are these elements determined for different workforce groups and segments?
– Do we monitor the Managed Security Service Provider decisions made and fine tune them as they evolve?
IT professionals Critical Criteria:
Have a session on IT professionals failures and pay attention to the small things.
– What is the experience level of the organization's IT professionals, including their ability to negotiate and engage in technical discussions in a foreign language (particularly for non-English speakers)?
– How do we ensure that implementations of Managed Security Service Provider products are done in a way that ensures safety?
– What are the long-term Managed Security Service Provider goals?
IT security Critical Criteria:
Participate in IT security leadership and slay a dragon.
– Does your department or organizational unit manage or support computing resources (data bases, hardware, web pages, etc.) that are used by people that access those resources from outside your department?
– If the organization will be using existing account directories, what are the performance and security implications if directories are regularly shadowed/replicated?
– How do you rate your level of involvement in recruiting and retaining qualified IT security personnel in your organization?
– Approximately, what is the percentage of IT security jobs at or above the supervisory level that remain open and unfilled?
– Does the firm have appropriate IT security policies governing user access that are effectively implemented?
– Have total life-cycle support, ease-of-use, scalability, and interoperability requirements been determined?
– How quickly after a new attack is made public will the vendor ship a new signature?
– Does training account for various working environments (home, office, contractors)?
– Why should general managers care about IT security breaches?
– Has the vendor developed a security configuration guide?
– How do we know if our current service(s) are adequate?
– What is the long-term viability of the vendor?
– What protocols are supported and/or filtered?
– How to Handle Email Spoofing / Phishing?
– What is the scalability of installation?
– What behavior do we want to reinforce?
– How does IT exploit a Web Application?
– Which needs are most critical?
Information Systems Security Critical Criteria:
Generalize Information Systems Security planning and cater for concise Information Systems Security education.
– How can we incorporate support to ensure safe and effective use of Managed Security Service Provider into the services that we provide?
– Think of your Managed Security Service Provider project. What are the main functions?
Information security Critical Criteria:
Detail Information security decisions and secure Information security creativity.
– Has the organization established an Identity and Access Management program that is consistent with requirements, policy, and applicable guidelines and which identifies users and network devices?
– Has specific responsibility been assigned for the execution of business continuity and disaster recovery plans (either within or outside of the information security function)?
– Are information security policies, including policies for access control, application and system development, operational, network and physical security, formally documented?
– Do we maintain our own threat catalogue on the corporate intranet to remind employees of the wide range of issues of concern to Information Security and the business?
– Does the ISMS policy provide a framework for setting objectives and establishes an overall sense of direction and principles for action with regard to information security?
– Is management able to determine whether security activities delegated to people or implemented by information security are performing as expected?
– Are information security roles and responsibilities coordinated and aligned with internal roles and external partners?
– Have the roles and responsibilities for information security been clearly defined within the company?
– Does your organization have a chief information security officer (CISO or equivalent title)?
– Is information security ensured when using mobile computing and tele-working facilities?
– Is an organizational information security policy established?
– How to achieve a satisfied level of information security?
– What is the goal of information security?
Information security operations center Critical Criteria:
Consolidate Information security operations center governance and report on developing an effective Information security operations center strategy.
– Do we aggressively reward and promote the people who have the biggest impact on creating excellent Managed Security Service Provider services/products?
– How will we ensure seamless interoperability of Managed Security Service Provider moving forward?
Internet Service Providers Critical Criteria:
Map Internet Service Providers planning and create Internet Service Providers explanations for all managers.
– How can you measure Managed Security Service Provider in a systematic way?
– What are current Managed Security Service Provider Paradigms?
– Do we have past Managed Security Service Provider Successes?
Internet security Critical Criteria:
Conceptualize Internet security visions and document what potential Internet security megatrends could make our business model obsolete.
– Are assumptions made in Managed Security Service Provider stated explicitly?
Internet service provider Critical Criteria:
Discourse Internet service provider outcomes and mentor Internet service provider customer orientation.
– Are there any disadvantages to implementing Managed Security Service Provider? There might be some that are less obvious?
– Can Management personnel recognize the monetary benefit of Managed Security Service Provider?
– How much does Managed Security Service Provider help?
Intrusion detection Critical Criteria:
Gauge Intrusion detection projects and correct better engagement with Intrusion detection results.
– What is the budget for acquisition and life cycle support of intrusion detection hardware, software, and infrastructure, including staffing to monitor and respond to intrusions?
– Are security alerts from the intrusion detection or intrusion prevention system (IDS/IPS) continuously monitored, and are the latest IDS/IPS signatures installed?
– Can intrusion detection systems be configured to ignore activity that is generated by authorized scanner operation?
– How do we measure improved Managed Security Service Provider service perception, and satisfaction?
– How important is Managed Security Service Provider to the user organization's mission?
– Is an intrusion detection or intrusion prevention system used on the network?
– Does the provider's network have intrusion detection & prevention in place?
– What is a limitation of a server-based intrusion detection system (IDS)?
– How do we maintain Managed Security Service Provider's integrity?
– The downside of Intrusion Detection?
Intrusion detection system Critical Criteria:
Reason over Intrusion detection system planning and differentiate in coordinating Intrusion detection system.
– Risk factors: what are the characteristics of Managed Security Service Provider that make it risky?
Network administrator Critical Criteria:
Do a round table on Network administrator visions and revise understanding of Network administrator architectures.
– You work as a network administrator for McRobert Inc. The company has a TCP/IP-based network. Which of the following information should be documented to facilitate disaster recovery?
– What vendors make products that address the Managed Security Service Provider needs?
Network security Critical Criteria:
Examine Network security results and customize techniques for implementing Network security controls.
– Do we make sure to ask about our vendor's customer satisfaction rating and references in our particular industry? If the vendor does not know its own rating, it may be a red flag that you're dealing with a company that does not put customer service at the forefront. How would a company know what to improve if it had no idea what areas customers felt were lacking?
– Are the disaster recovery plan (DRP) and the business contingency plan (BCP) tested annually?
– What are all of our Managed Security Service Provider domains and what do they do?
– What are the usability implications of Managed Security Service Provider actions?
– What are internal and external Managed Security Service Provider relations?
North America Critical Criteria:
Accommodate North America risks and probe using an integrated framework to make sure North America is getting what it needs.
– In what ways are Managed Security Service Provider vendors and us interacting to ensure safe and effective use?
– What are our Managed Security Service Provider Processes?
Point of Presence Critical Criteria:
Debate over Point of Presence adoptions and triple focus on important concepts of Point of Presence relationship management.
– Think about the kind of project structure that would be appropriate for your Managed Security Service Provider project. Should it be formal and complex, or can it be less formal and relatively simple?
– Is Managed Security Service Provider dependent on the successful delivery of a current project?
– Will Managed Security Service Provider deliverables need to be tested and, if so, by whom?
Security as a service Critical Criteria:
Tête-à-tête about Security as a service results and develop and take control of the Security as a service initiative.
– Who is responsible for ensuring appropriate resources (time, people and money) are allocated to Managed Security Service Provider?
– Why is it important to have senior management support for a Managed Security Service Provider project?
– Who will be responsible for documenting the Managed Security Service Provider requirements in detail?
Security audit Critical Criteria:
Face Security audit projects and acquire concise Security audit education.
– Are the results of security audits, incidents, and results from effectiveness measurements, suggestions and feedback from interested parties taken into account?
– What prevents me from making the changes I know will make me a more effective Managed Security Service Provider leader?
– Has our company undergone a whole-system, comprehensive Cybersecurity audit or assessment?
– Do you monitor the effectiveness of your Managed Security Service Provider activities?
– Are there recognized Managed Security Service Provider problems?
Security policies Critical Criteria:
Group Security policies governance and find the ideas you already have.
– Does the IT Security system require end-users to configure and maintain security policies, security professionals to individually manage policies per host, or is the configuration centrally managed?
– Are information security policies and other relevant security information disseminated to all system users (including vendors, contractors, and business partners)?
– How do you ensure that security policies are accurately and fully implemented across the cloud architectures you are using and buying into?
– Are employees required to sign an agreement verifying they have read and understood the security policies and procedures?
– How do the service provider's security policies (e.g. contingency planning) differ from those of the organization?
– Are we requesting exemption from or modification to established information security policies or standards?
– Are our employees following the security policies and procedures that are in place such as secure data disposal?
– Have the types of risks that may impact Managed Security Service Provider been identified and analyzed?
– What potential environmental factors impact the Managed Security Service Provider effort?
– Are information security policies reviewed at least once a year and updated as needed?
– How do we capture corporate security policies and incorporate them into the system?
– Is the compliance of systems with organization security policies and standards ensured?
– Are we complying with existing security policies?
Service provider Critical Criteria:
Do a round table on Service provider quality and drive action.
– For the private information collected, is there a process for deleting this information once it is complete or not needed anymore?
– Do you conduct an annual privacy assessment to ensure that you are in compliance with privacy laws and regulations?
– If the service provider is eligible for certification, then what is the scope of the processes being audited?
– Does our security program adequately protect against opportunistic and targeted attackers?
– Does the cloud service provider have necessary security controls on their human resources?
– What percentage of revenues is generated from services provided by sub-contractors?
– How would the service provider handle emergency situations?
– Is there a patch management process in place?
– Prioritising waiting lists: How and why?
– What type of IDS system are you using?
Social engineering Critical Criteria:
Powwow over Social engineering decisions and achieve a single Social engineering view and bringing data together.
– In the case of a Managed Security Service Provider project, the criteria for the audit derive from implementation objectives. An audit of a Managed Security Service Provider project involves assessing whether the recommendations outlined for implementation have been met. In other words, can we track that any Managed Security Service Provider project is implemented as planned, and is it working?
– What are our best practices for minimizing Managed Security Service Provider project risk, while demonstrating incremental value and quick wins throughout the Managed Security Service Provider project lifecycle?
– Will our employees allow someone to tailgate into our facilities or will they give out their credentials to an attacker via social engineering methods?
US West Critical Criteria:
Define US West results and observe effective US West.
– Are there any easy-to-implement alternatives to Managed Security Service Provider? Sometimes other solutions are available that do not require the cost implications of a full-blown project?
Virtual Private Network Critical Criteria:
Investigate Virtual Private Network leadership and maintain Virtual Private Network for success.
– How likely is the current Managed Security Service Provider plan to come in on schedule or on budget?
This quick readiness checklist is a selected resource to help you move forward.
Author: Gerard Blokdijk
CEO at The Art of Service | http://theartofservice.com
Gerard is the CEO at The Art of Service. He has been providing information technology insights, talks, tools and products to organizations in a wide range of industries for over 25 years. Gerard is a widely recognized and respected information expert. Gerard founded The Art of Service consulting business in 2000. Gerard has authored numerous published books to date.