IT Examiner School
Examiner: So the Audit Committee is not involved in the process? NA Fossil: Yes, all responses are provided to Mr. Bose.
Examiner: Your responses indicate that you do not use standard baseline configurations for hardware/software. Is that correct? NA Fossil: Just for non-critical and most medium devices. At this time, we don’t have that many types of devices. However, we have a project to get this established since we are starting to grow and adding more devices, thus we need this done. Also, the auditors noted via the CAT that we are at baseline for our critical/most important devices.
Examiner: Does Contingent also help you with the risk assessment process? NA Fossil: As the auditor, they are an integral part of this process.
Examiner: So, Contingent provides guidance on the validity of the risk assessments? NA Fossil: No. We look at their audits and change our risk factor depending on the findings.
Examiner: Have you had any security incidents? NA Fossil: Intelligent, Inc. has not reported any incidents for the IDS and firewall. Network server logs have not indicated any breaches either. As you may recall, we did have that DDoS threat not long ago.
Examiner: Have you had any other threats? NA Fossil: No, just the one we gave you.
Examiner: You seem to have a lot of responsibilities here. Who reviews your activity? NA Fossil: No one directly. I’m very careful and no one has complained.