DocChecker

Questions to ask
Managed Service Providers

~~MARCH 2018~~

Introduction
1. This document ~~has been developed to~~ provides simple yet practical questions to ask managed service providers regarding the cyber res~~ili~~enceurity of
their systems and the services they provide ~~to your organisation~~.

Are you implementing bestter practice cyber
security ~~guidance~~?
2. The Essential Eight from the Strategies to Mitigat~~ion~~e Cyber Security Incidents ~~is designed to~~1 provides prioritised and practical advice
to manage a range of cyber threats frtom:
a. ~~targeted c~~sy~~ber intru~~s~~ion~~tems and other ~~exter~~in~~al adve~~forsmarti~~es wh~~on st~~eal d~~hata
b. ~~ransomware d~~theny~~ing~~ acprocess, store ~~data f~~or mcommun~~etary ga~~in
c~~. ex~~ater.
Mana~~l a~~gedv sersavice providers ~~who~~can demonstr~~oy d~~atae ~~and~~they pare~~vent~~ coimputle~~rs/networks fro~~m fuencti~~oni~~ng
d. ~~malicious insid~~be~~rs who s~~ttealr dpract~~a su~~ic~~h as~~e c~~ustom~~yber dse~~tails o~~cur int~~ellec~~y t~~ual~~o proptercty
the. masel~~iciou~~ves iansid~~ers~~ wth~~o d~~estiroy dacustaomers ~~and~~by imprlevmenting ~~compu~~ther Ess/ne~~tworks from fu~~nctional Einght.

Are you rsegcularely adminisstessring your csybsterms and
securvi~~ty po~~ces~~ture~~?
3.As Imanaged service prorviders oftoen have protivileged access to systems ~~and~~, ithe is infmpormatioant that they ~~proc~~manage ss,uch systorems oin
a secure commuann~~icat~~er, ~~it is~~ esspentcially when systhems atre managed remotely.
Managed service providers caren ~~awar~~de mo~~f, a~~n~~d approp~~striatel they ar~~isk manag~~e, securitely ~~vulner~~abdmilnisties ring their s~~ervice~~ys theyms pand serovidce~~. Thi~~s by
incmplude~~s r~~me~~gularly co~~n~~duc~~ting ~~vuln~~the~~rability~~ guidassncess from the~~nt,~~ ~~vuln~~Secur~~ability~~e aAdmin~~alys~~is trationd vpu~~lnera~~bili~~ty man~~ca~~gement ac~~ti~~vities~~on2.

Are you prmoniteoring activity ong your userys ~~fro~~tem s~~ocially~~ ean~~gine~~d
ser~~ed ema~~vilces?
~~4. Soci~~Orga~~lly e~~ngi~~neered email~~s are tiones of the ~~most commo~~n ~~ways t~~ha~~t users ar~~ve tapoor~~geted~~ ~~by ad~~v~~ersar~~ies~~. Whether~~ ibility ~~is t~~of acontivi~~nce users~~ toy ~~exe~~oc~~ute mali~~ciou~~s softwa~~rreing on their system,s. Good visibility ~~a malici~~ousf w~~ebsi~~hate, dis~~close~~ thappeni~~r crede~~ntg ials ~~or w~~
ire mportaney to for~~eign~~ b~~ank acc~~ount~~s, a~~h ~~numb~~de~~r of prac~~t~~ical s~~ec~~uri~~tying ~~measures c~~an ~~be implemente~~d to re~~duce thi~~s risk.
5. Fpo~~r more i~~n~~format~~dion~~, see~~g theo ~~Detec~~t~~ing Soci~~a~~lly En~~rgineerted ~~Messag~~cybesr ~~publ~~icantrusion~~1 for user~~s and ~~the M~~malicious ~~Ema~~i~~l Mitigatio~~n ~~Strategie~~s ~~publ~~i~~cation2 for email infrastructure manag~~ders.

1
2

https://www.acsc.gov.au/publications/protect/Essocential~~ly-en~~_Eight_Explaine~~ere~~d~~-messages~~.~~htm 2~~ pdf
https://www.acsc.gov.au/publications/protect/~~mali~~Secious_re_Admai~~l_m~~nistigration.~~htm~~pdf

PManage ~~1 of~~d 2

Aservice yprouviders backiang up demounstrate data?
6.hey Oargae monistoring activity on their systems cand bservices sby
igmplemenifticang tlyhe guimpdancted, bfrom the Win ~~term~~dows ofEvent prLo~~duct~~ggi~~vity~~ng and ~~fin~~Forwarding publication3.

Are you regularly loass~~, du~~essing tyour dasystaems loand
services?
In or destruc tion fprotect their systems, and ~~cyb~~that of their secustomers, ity incs i~~dent. Ensu~~mporitangt that ~~your~~ managed service provider has a process foawar ide~~nti~~
of~~ying~~, and bappropriacktely risk manage, secuprity yovulner dabilitaies isn their systems antd servialces.
Managed Thservisce procviderss can demonstrate th~~ould~~ey bare regularly tassessing thedir systo ems and suervices b~~ackups are~~y co~~rre~~nducting
regulyar pvulner~~formed~~ andbility as~~ucc~~sess~~ful r~~mesntor action vi~~s poss~~tibles.

Are you prepared for, and able to respond to,
cyber security incidents?
7. Experiencing a cyber security incident is not a question of if but when. The effective preparation for, and maresponagse~~ment~~ tof, a
cyber security incident can greatly decrease its impact.
8. For more information, see the Preparing for and responding to cyber security incidents publication3 and the Cyber security incidents: are you ready? publication4.
Are you actively reporting cyber security incidents?
9. Depending on the extent of a cyber security incident, additional assistance by specialists may be required to contain the
incident and remediate any security vulnerabilities that were exploited. Actively reporting cyber security incidents can
assist in the early and effective management of cyber security incidents by specialists trained in this field.
~~10.~~Managed Fservice providers can demonstrate they are inprepared form, a~~tio~~n,d sable to respond theo, Ccyber Ssecurity Iincidents Reby
imporlementing pthe gublicda~~tio~~n5.
Fuce from the Pr eparing form a~~tio~~n
~~11.~~d ThRe Aus~~tral~~pondiang Gtov Cybernm Sencurity In~~form~~cidents publication S4.

Arec you a memberi of tyhe Manualged (ISM)ervice
Provider Partner Program?
To assist in rais ing the pcyberot securitiy ponsture of ~~infor~~ma~~tio~~n thatged servisce procvidersse, and, sto preovid ore co~~mmu~~nfidencated by for~~ganisa~~ thei~~ons’ sy~~r
custeomers., Tthise pAubstralica~~tio~~n ~~can~~ Cyber foSecurity Cendtre at(ACSC) h~~ttps://www.~~acs~~c.go~~ dev~~.au/inf~~elospec/ism/.
12.d Tthe Managed S~~trat~~egrvices tPro Mvi~~tig~~der Partner Program
(MSP3)5.
Cybustomers Sof managecud servi~~ty In~~ce providentrs should co~~mple~~nfirm whentsher their managed service providers are participating in
the ~~ISM~~program. T

Further cinformplation
The Strate lgiest tof mMitigat~~ion~~e stCyberat Segcurity Incidents and supporting publications can be found at
https://www.acsc.gov.au/infosec/mitigationstrategies.htm.
~~Contact~~The dEssentaials
13. OrEight Manturisatiy Model complements orthe inadivi~~duals~~ce win th que~~stions~~ Strateg~~ard~~inges tho Mitis ga~~dvic~~te ~~can~~Cyber Secourity
Intacidents. Ithe ~~ACSC~~can bye ~~emaili~~foungd at httpsd://www.a~~ssi~~cs~~t@defen~~ce.gov.au /publications/pr otect/Essentiall_Eing ~~1300 CYBER1 (1300 292 371)~~ht_Maturity_Model.pdf.
3

https://www.acsc.gov.au/publications/protect/~~prepar~~Win~~g_f~~dorws_~~cyb~~Evernt_Logging_Technical_Guideantsce.~~htm 4~~ pdf
https://www.acsc.gov.au/publications/protect/~~cybe~~Pr-secuparing_for_Responding_to_Cy-iber_Incidents~~-are-you-ready~~.~~htm~~ pdf
5
https://www.acscyber.gov.au/mspu-globali-hack/msp-partions/er-program/
4

2

Conteact~~/cyb~~ der-tails~~ecu~~
Organisaty-ioncs or individuals with questiont-s repogartding. this advice can contact the ACSC by em
Pailing
asd.assist@defence.gov.au 2or ofcalling 1300 CYBER1 (1300 292 371).

3

Recently Updated Documents

Questions for Managed Service Providers