Transcript of interview with Help Desk

Operational Security
Incident Response
Training

Auditor: I’d like to understand the help desk’s role in information security. How are user security incidents and requests handled?

Help desk: We have defined escalation procedures for different incident types. These are documented and involve the information security team as needed.

Auditor: Good to know. How are access requests and provisioning changes managed?

Help desk: Employees submit tickets for new access which we vet and approve based on established protocols. Proper provisioning channels are followed per security guidance.

Auditor: Excellent. What verification is done for users requesting password resets or account unlocks?

Help desk: Identity is confirmed verbally or via token-based methods. For highly privileged accounts, in-person verification occurs before resetting credentials.

Auditor: Great overview so far. How does the help desk team stay current on security policies and procedures?

Help desk: We undergo regular security training from the infosec team. Knowledge base articles outline our protocols so new hires get up to speed quickly.

Auditor: What role does the help desk play in security awareness and education for end users?

Help desk: We provide best practice guidance on password policies, phishing risks, data handling, and other areas when working with users.

Auditor: How are help desk systems and tools secured to prevent unauthorised access?

Help desk: Access follows least privilege principles. Controls like MFA, logging, and endpoint security help safeguard help desk infrastructure.

Auditor: What mechanisms exist for confidential incident reporting or whistle blowing?

Help desk: Users can submit anonymous tickets detailing concerns which get routed to infosec and legal teams through secure channels.

Auditor: How could help desk practices better align with organisational security initiatives?

Help desk: Increased collaboration through regularly scheduled working sessions with infosec. Potential cross-training opportunities as well.

Auditor: Finally, does the help desk participate in any security drills or exercises?

Help desk: We are involved in annual incident response simulations to validate our procedures and coordination with other teams.