IT Examiner School

Examiner: So, what is the timing for the bank to add these positions? NA Fossil: The bank just posted the positions, so we hope to have them filled within the next two-three months. Examiner: What are the daily tasks for your two positions? NA Fossil: Well, we expect them to do level 1 activities, such as password resets, desktop updates, etc. This will free up some of my time to enable me to not get so rushed or possibly behind in my work. Examiner: Ok, now explain what happened with this DDoS threat and the bank’s actions. NA Fossil: I sent that document in the supplemental data I provided to you. If you can’t find it, I’ll give you a copy. Essentially, we got the DDoS threat via email that said we would get attacked unless we paid in bitcoin. So, we notified the executives and the Board, who notified our MSSP, as well as our Internet provider, to be alert. We didn’t pay and to date, nothing has happened.

Examiner: Did you file a SAR? NA Fossil: Are we suppose to file one even if we didn’t suffer a loss?

Examiner: Yes, it is based on the FinCEN Advisory dated September 25, 20XX. NA Fossil: Ok, we’ll do one.