This may be way off topic for this site but here goes. I am on a supervisory committee for a credit union and we have our annual questionnaire to pose to management. We would like an overview from the CIO as to what safeguards are in place to protect members' data. What questions should be asked and how should the questions be written? The majority of the committee members are not tech savvy, so the answer we would be looking for is more of an overview of what is in place to secure the data. Any help with this would be greatly appreciated.
1. Do all desktops have real-time AV on them?
2. How are these AV applications updated? Manually, automatic, scheduled?
3. Is the backup solution encrypted? Is this vendor listed on the approved vendor list?
- If not, describe the process by which it is protected from unauthorized use.
4. Is there third-party remote-control software in use?
5. Are there wireless access points in use?
6. Describe the process used to decommission office equipment at the end of its useful life.
7. Are end users allowed to use USB or other removable media?
- If yes, how is this controlled/audited?
8. What process/steps/audit trail is in place to prove the above is being adhered to?
- I.e. is there an IT asset log, AV reports, an IT destruction log, etc.?