#23258 Kickoff Recap & Next Steps (00270-2022-001)

Status: Resolved | Created: Apr 20, 2023, 9:19 PM | Resolved: Nov 7, 2023, 11:14 PM
System (internal) Apr 20, 2023, 9:19 PM
Created from Lead: https://artichoke.shield.syncromsp.com/leads/18670283/convert
Check-in (internal) Apr 20, 2023, 9:19 PM
Hi Emilie,

Thank you for taking the time to meet with the LMG team today. Here are some high-level notes from our discussion, with action items in bold:

Internal Penetration Test (IPT) – Emily Gosney

- 5/1-5/3

- Start w/ discovery scanning

- Nothing specific to test/look for

-  We currently do not see the virtual machine connecting back to us. Please refer to my prior email and feel free to reach out to our IT team (copied here) to troubleshoot if needed.

External Penetration Test (EPT) – Brandon Kirkbride

- 5/8-5/9

- Brandon will reach out if allowlisting is not in place and if he encounters lockout policy

- Nothing specific to test/look for

- SMB Egress: send to Emilie

- Brandon to check if O365 was included in last year’s testing – it was. We will include it again this year.

Tenable.io Continuous Vulnerability Scanning & Security Fundamentals Technical Testing (SFTT) – Alex Rogers

- Internal and external

- 54 assets

- Alex is setting up your portal on our end and will reach out to set up a meeting with you and Peet to walk you through the install on your end.

- Frequency of scanning can be edited in portal by Bank of Montana team

- SFTT (formal reporting on vulnerabilities) – twice a year (bi-quarterly) as per the SOW

- Start date/first SFTT date TBD once portal is configured

Security Fundamentals Controls Assessment (SFCA) – Sam Scroggins

- Beginning May 1

- Documentation and interview request form – Sam needs by start of engagement

- Emilie and/or Peet for all interviews

All of the consultants for these components are copied here, so don’t hesitate to reach out with any questions or concerns that arise. We’re looking forward to getting started on this!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>, IT <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 1:55 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink

From: Emilie Johnston <[email protected]>
Date: Tuesday, April 18, 2023 at 1:46 PM
To: Shannon Dinger <[email protected]>
Cc: Projects <[email protected]>
Subject: RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 2:01 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note in bold that we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

-  Technical Testing Questionnaire (TTQ) to be complete and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

-  IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

-  For the Security Fundamentals Control Assessment: I have uploaded information into the project ShareFile folder under LMG uploads - Security Engagement Quick Start Guide ('EQSG') and document and interview request Excel Workbook to discuss during the kickoff call

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then. 😊

Thanks,

Emilie

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the mis-spelling !!

Shannon Dinger

On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger

On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one? 😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

-  External Penetration Test ('EPT') starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

-  Internal Penetration Test ('IPT') starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

-  Security Fundamentals Controls Assessment ('SFCA') starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

-  Security Fundamentals Technical Testing ('SFTT') + Continuous Vulnerability Scans ('CVS'): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!

From: Natalie Bray <[email protected]>
Sent: Tuesday, February 28, 2023 10:51 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all? 😊

Thanks,

Emilie

From: Natalie Bray <[email protected]>
Sent: Monday, February 20, 2023 10:44 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray

On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie

From: Natalie Bray <[email protected]>
Sent: Tuesday, January 3, 2023 2:51 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the meantime, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray

On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27th at 4pm!

Thanks,

Emilie

From: Shannon Dinger <[email protected]>
Sent: Tuesday, January 3, 2023 2:28 PM
To: Emilie Johnston <[email protected]>
Cc: Natalie Bray <[email protected]>; Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email in case you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger

On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’s Upcoming Closures:

Friday, December 30th: Closing at 3pm

Monday, January 2nd ⛄ Closed

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 12:18 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger

On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 11:30 AM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger

On Dec 8, 2022, at 8:10 AM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

It’s great to be working with you on this project, as the Project Manager. Our process for completing the project is as follows:

1. Assign consultants and set schedule - This is complete. We have assigned the following consultants:

Brandon Kirkbride to begin the External Penetration Test (EPT) on 05/01/23 and finish it on 05/03/23

Daniel Bennett to begin the Internal Penetration Test (IPT) on 05/01/23 and finish it on 05/03/23

Parker Lee to begin the Security Fundamentals Controls Assessment (SFCA) on 05/03/23 and finish it on 05/03/23

Quarterly Security Fundamentals Technical Testing (SFTT) starting on 05/03/23

Webinar date TBD

2. Hold a kick-off call - introduce teams and discuss Goals and Objectives

3. Run each component on scheduled dates

4. Deliver reports - This is estimated to happen by 05/25/23 (EPT, IPT, SFCA)

5. Hold wrap-up call - to discuss reports and address questions

I will be reaching back out with you 4-6 weeks prior to the start of testing to get the kickoff call on our calendars.

In the meantime, you should have received an email from ShareFile, our secure document sharing platform. This is our preferred method for sharing confidential information during the project. The folder setup for you is titled 00270-2022-001. Be sure to check your junk email folder if you do not receive the notification and let me know if you have any trouble with access. If there is anyone else who should have access, please let me know and I will add them.

Attached is a Technical Testing Questionnaire (TTQ). Please have it completed prior to our kickoff call and uploaded to ShareFile here: https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

<TTQ - 00270-2022-001 - Bank of Montana .docx>

I look forward to speaking with you.

Please let me know if you have any questions or concerns.

All the best,

Shannon Dinger
customer-reply (internal) Apr 25, 2023, 3:12 PM
Hi all,

Checking in on the virtual machine setup for the Internal Penetration Test. We don’t see it connecting back yet - let us know if you need any assistance getting that VM setup.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 20, 2023, at 3:19 PM, Shayna Fink <[email protected]> wrote:

Hi Emilie,

Thank you for taking the time to meet with the LMG team today. Here are some high-level notes from our discussion, with action items inbold:

Internal Penetration Test (IPT) – Emily Gosney

- 5/1-5/3

- Start w/ discovery scanning

- Nothing specific to test/look for

-  We currently do not see the virtual machine connecting back to us. Please refer to my prior email and feel free to reach out to our IT team (copied here) to troubleshoot if needed.

External Penetration Test (EPT) – Brandon Kirkbride

- 5/8-5/9

- Brandon will reach out if allowlisting is not in place and if he encounters lockout policy

- Nothing specific to test/look for

- SMB Egress: send to Emilie

- Brandon to check if O365 was included in last year’s testing –it was. We will include it again this year.

[Tenable.io](http://tenable.io/)Continuous Vulnerability Scanning & Security Fundamentals Technical Testing (SFTT) – Alex Rogers

- Internal and external

- 54 assets

- Alex is setting up your portal on our end and will reach out to set up a meeting with you and Peet to walk you through the install on your end.

- Frequency of scanning can be edited in portal by Bank of Montana team

- SFTT (formal reporting on vulnerabilities) – twice a year (bi-quarterly) as per the SOW

- Start date/first SFTT date TBD once portal is configured

Security Fundamentals Controls Assessment (SFCA) – Sam Scroggins

- Beginning May 1

- Documentation and interview request form – Sam needs by start of engagement

- Emilie and/or Peet for all interviews

All of the consultants for these components are copied here, so don’t hesitate to reach out with any questions or concerns that arise. We’re looking forward to getting started on this!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From:Shayna Fink <[email protected]>
Date:Tuesday, April 18, 2023 at 2:08 PM
To:Emilie Johnston <[email protected]>
Cc:Projects <[email protected]>, IT <[email protected]>
Subject:Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From:Shayna Fink <[email protected]>
Date:Tuesday, April 18, 2023 at 1:55 PM
To:Emilie Johnston <[email protected]>
Cc:Projects <[email protected]>
Subject:Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From:Emilie Johnston <[email protected]>
Date:Tuesday, April 18, 2023 at 1:46 PM
To:Shannon Dinger <[email protected]>
Cc:Projects <[email protected]>
Subject:RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emile

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image001.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Shannon Dinger <[email protected]>
Sent:Thursday, April 6, 2023 2:01 PM
To:Emilie Johnston <[email protected]>
Cc:Projects <[email protected]>
Subject:Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note inboldthat we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

-  Technical Testing Questionnaire(TTQ)to be complete and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

-  IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

-  For the Security Fundamentals Control Assessment: I have uploaded information into the project Sharefile folder under LMG uploads - Security Engagement Quick Start Guide ('EQSG’) anddocument and interview request Excel Workbook to discuss during the kickoff call

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email:[email protected]

Office: (406) 830-3165 ext. 139

<image002.png>

On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then.😊

Thanks,

Emilie

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image001.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the misspelling!!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139


On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139


On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one? 😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

-  External Penetration Test (‘EPT’) starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

-  Internal Penetration Test (‘IPT’) starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

-  Security Fundamentals Controls Assessment (‘SFCA’) starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

-  Security Fundamentals Technical Testing (‘SFTT’) + Continuous Vulnerability Scans (‘CVS’): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Natalie Bray <[email protected]>
Sent: Tuesday, February 28, 2023 10:51 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117


On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all? 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Natalie Bray <[email protected]>
Sent: Monday, February 20, 2023 10:44 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117


On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Natalie Bray <[email protected]>
Sent: Tuesday, January 3, 2023 2:51 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the meantime, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117


On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27th at 4pm!

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Tuesday, January 3, 2023 2:28 PM
To: Emilie Johnston <[email protected]>
Cc: Natalie Bray <[email protected]>; Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email in case you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139


On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 12:18 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139


On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 11:30 AM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139


On Dec 8, 2022, at 8:10 AM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

It’s great to be working with you on this project, as the Project Manager. Our process for completing the project is as follows:

1. Assign consultants and set schedule - This is complete. We have assigned the following consultants:

Brandon Kirkbride to begin the External Penetration Test (EPT) on 05/01/23 and finish it on 05/03/23

Daniel Bennett to begin the Internal Penetration Test (IPT) on 05/01/23 and finish it on 05/03/23

Parker Lee to begin the Security Fundamentals Controls Assessment (SFCA) on 05/03/23 and finish it on 05/03/23

Quarterly Security Fundamentals Technical Testing (SFTT) starting on 05/03/23

Webinar date TBD

2. Hold a kick-off call - introduce teams and discuss Goals and Objectives

3. Run each component on scheduled dates

4. Deliver reports - This is estimated to happen by 05/25/23 (EPT, IPT, SFCA)

5. Hold wrap-up call - to discuss reports and address questions

I will be reaching back out to you 4-6 weeks prior to the start of testing to get the kickoff call on our calendars.

In the meantime, you should have received an email from ShareFile, our secure document sharing platform. This is our preferred method for sharing confidential information during the project. The folder setup for you is titled 00270-2022-001. Be sure to check your junk email folder if you do not receive the notification and let me know if you have any trouble with access. If there is anyone else who should have access, please let me know and I will add them.

Attached is a Technical Testing Questionnaire (TTQ). Please have it completed prior to our kickoff call and uploaded to ShareFile here: https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

<TTQ - 00270-2022-001 - Bank of Montana .docx>

I look forward to speaking with you.

Please let me know if you have any questions or concerns.

All the best,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

customer-reply (internal) Apr 26, 2023, 2:42 PM
Hi all,

Checking in on the virtual machine setup for the Internal Penetration Test. We don’t see it connecting back yet - let us know if you need any assistance getting that VM set up.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 20, 2023, at 3:19 PM, Shayna Fink <[email protected]> wrote:

Hi Emilie,

Thank you for taking the time to meet with the LMG team today. Here are some high-level notes from our discussion, with action items in bold:

Internal Penetration Test (IPT) – Emily Gosney

- 5/1-5/3

- Start w/ discovery scanning

- Nothing specific to test/look for

-  We currently do not see the virtual machine connecting back to us. Please refer to my prior email and feel free to reach out to our IT team (copied here) to troubleshoot if needed.

External Penetration Test (EPT) – Brandon Kirkbride

- 5/8-5/9

- Brandon will reach out if allowlisting is not in place and if he encounters lockout policy

- Nothing specific to test/look for

- SMB Egress: send to Emilie

- Brandon to check if O365 was included in last year’s testing – it was. We will include it again this year.

[Tenable.io](http://tenable.io/) Continuous Vulnerability Scanning & Security Fundamentals Technical Testing (SFTT) – Alex Rogers

- Internal and external

- 54 assets

- Alex is setting up your portal on our end and will reach out to set up a meeting with you and Peet to walk you through the install on your end.

- Frequency of scanning can be edited in portal by Bank of Montana team

- SFTT (formal reporting on vulnerabilities) – twice a year (bi-quarterly) as per the SOW

- Start date/first SFTT date TBD once portal is configured

Security Fundamentals Controls Assessment (SFCA) – Sam Scroggins

- Beginning May 1

- Documentation and interview request form – Sam needs by start of engagement

- Emilie and/or Peet for all interviews

All of the consultants for these components are copied here, so don’t hesitate to reach out with any questions or concerns that arise. We’re looking forward to getting started on this!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>, IT <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 1:55 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Emilie Johnston <[email protected]>
Date: Tuesday, April 18, 2023 at 1:46 PM
To: Shannon Dinger <[email protected]>
Cc: Projects <[email protected]>
Subject: RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 2:01 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note in bold that we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

-  Technical Testing Questionnaire (TTQ) to be completed and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder:

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

-  IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

-  For the Security Fundamentals Control Assessment: I have uploaded information into the project ShareFile folder under LMG uploads - Security Engagement Quick Start Guide (‘EQSG’) and document and interview request Excel Workbook to discuss during the kickoff call.

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139


On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then. 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the misspelling!!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139


On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139


On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one? 😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

-  External Penetration Test (‘EPT’) starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

-  Internal Penetration Test (‘IPT’) starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

-  Security Fundamentals Controls Assessment (‘SFCA’) starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

-  Security Fundamentals Technical Testing (‘SFTT’) + Continuous Vulnerability Scans (‘CVS’): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Natalie Bray <[email protected]>
Sent: Tuesday, February 28, 2023 10:51 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117


On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all? 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Monday, February 20, 2023 10:44 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Tuesday, January 3, 2023 2:51 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the meantime, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27th at 4pm!

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Tuesday, January 3, 2023 2:28 PM
To: Emilie Johnston <[email protected]>
Cc: Natalie Bray <[email protected]>; Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email in case you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 12:18 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 11:30 AM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 8, 2022, at 8:10 AM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

It’s great to be working with you on this project, as the Project Manager. Our process for completing the project is as follows:

1. Assign consultants and set schedule - This is complete. We have assigned the following consultants:

Brandon Kirkbride to begin the External Penetration Test (EPT) on 05/01/23 and finish it on 05/03/23

Daniel Bennett to begin the Internal Penetration Test (IPT) on 05/01/23 and finish it on 05/03/23

Parker Lee to begin the Security Fundamentals Controls Assessment (SFCA) on 05/03/23 and finish it on 05/03/23

Quarterly Security Fundamentals Technical Testing (SFTT) starting on 05/03/23

Webinar date TBD

2. Hold a kick-off call - introduce teams and discuss Goals and Objectives

3. Run each component on scheduled dates

4. Deliver reports - This is estimated to happen by 05/25/23 (EPT, IPT, SFCA)

5. Hold wrap-up call - to discuss reports and address questions

I will be reaching back out with you 4-6 prior to the start of testing to get the kickoff call on our calendars.

In the meantime, you should have received an email from ShareFile, our secure document sharing platform. This is our preferred method for sharing confidential information during the project. The folder setup for you is titled 00270-2022-001. Be sure to check your junk email folder if you do not receive the notification and let me know if you have any trouble with access. If there is anyone else who should have access, please let me know and I will add them.

Attached is a Technical Testing Questionnaire (TTQ). Please have it completed prior to our kickoff call and uploaded to ShareFile here: https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

<TTQ - 00270-2022-001 - Bank of Montana .docx>

I look forward to speaking with you.

Please let me know if you have any questions or concerns.

All the best,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

customer-reply (internal) Apr 26, 2023, 9:35 PM
Hi Emilie and Peet,

I wanted to touch base on this again—please confirm if you’re able to get the virtual machine set up this week. We do not yet see it connecting back to us. Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Paul Martin <[email protected]>
Date: Tuesday, April 25, 2023 at 8:12 AM
To: Shayna Fink <[email protected]>
Cc: Emilie Johnston <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]>, Projects <[email protected]>, IT <[email protected]>, Samuel Scroggins <[email protected]>, Emily Gosney <[email protected]>, Alex Rogers <[email protected]>, Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

Hi all,

Checking in on the virtual machine setup for the Internal Penetration Test. We don’t see it connecting back yet - let us know if you need any assistance getting that VM setup.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 20, 2023, at 3:19 PM, Shayna Fink <[email protected]> wrote:

Hi Emilie,

Thank you for taking the time to meet with the LMG team today. Here are some high-level notes from our discussion, with action items in bold:

Internal Penetration Test (IPT) – Emily Gosney

-  5/1-5/3

-  Start w/ discovery scanning

-  Nothing specific to test/look for

-  We currently do not see the virtual machine connecting back to us. Please refer to my prior email and feel free to reach out to our IT team (copied here) to troubleshoot if needed.

External Penetration Test (EPT) – Brandon Kirkbride

-  5/8-5/9

-  Brandon will reach out if allowlisting is not in place and if he encounters lockout policy

-  Nothing specific to test/look for

-  SMB Egress: send to Emilie

-  Brandon to check if O365 was included in last year’s testing – it was. We will include it again this year.

[Tenable.io](http://tenable.io/) Continuous Vulnerability Scanning & Security Fundamentals Technical Testing (SFTT) – Alex Rogers

-  Internal and external

-  54 assets

-  Alex is setting up your portal on our end and will reach out to set up a meeting with you and Peet to walk you through the install on your end.

-  Frequency of scanning can be edited in portal by Bank of Montana team

-  SFTT (formal reporting on vulnerabilities) – twice a year (bi-quarterly) as per the SOW

-  Start date/first SFTT date TBD once portal is configured

Security Fundamentals Controls Assessment (SFCA) – Sam Scroggins

-  Beginning May 1

-  Documentation and interview request form – Sam needs by start of engagement

-  Emilie and/or Peet for all interviews

All of the consultants for these components are copied here, so don’t hesitate to reach out with any questions or concerns that arise. We’re looking forward to getting started on this!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>, IT <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 1:55 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Emilie Johnston <[email protected]>
Date: Tuesday, April 18, 2023 at 1:46 PM
To: Shannon Dinger <[email protected]>
Cc: Projects <[email protected]>
Subject: RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 2:01 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note in bold that we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

-  Technical Testing Questionnaire (TTQ) to be complete and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

-  IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

-  For the Security Fundamentals Control Assessment: I have uploaded information into the project Sharefile folder under LMG uploads - Security Engagement Quick Start Guide ('EQSG') and document and interview request Excel Workbook to discuss during the kickoff call

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then. 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the misspelling!!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one? 😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

-  External Penetration Test ('EPT') starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

-  Internal Penetration Test ('IPT') starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

-  Security Fundamentals Controls Assessment ('SFCA') starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

-  Security Fundamentals Technical Testing ('SFTT') + Continuous Vulnerability Scans ('CVS'): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image001.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Natalie Bray <[email protected]>
Sent:Tuesday, February 28, 2023 10:51 AM
To:Emilie Johnston <[email protected]>
Cc:Shannon Dinger <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)Office: (406) 830-3165 x124
Cell: (406) 880-3117

<image002.png>

On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all?😊

Thanks,

Emilie

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image001.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Natalie Bray <[email protected]>
Sent:Monday, February 20, 2023 10:44 AM
To:Emilie Johnston <[email protected]>
Cc:Shannon Dinger <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)Office: (406) 830-3165 x124
Cell: (406) 880-3117

<image002.png>

On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image001.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Natalie Bray <[email protected]>
Sent:Tuesday, January 3, 2023 2:51 PM
To:Emilie Johnston <[email protected]>
Cc:Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the mean time, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)Office: (406) 830-3165 x124
Cell: (406) 880-3117

<image002.png>

On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27that 4pm!

Thanks,

Emilie

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image002.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Shannon Dinger <[email protected]>
Sent:Tuesday, January 3, 2023 2:28 PM
To:Emilie Johnston <[email protected]>
Cc:Natalie Bray <[email protected]>; Projects <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email incase you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

<image003.png>

On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’sUpcomingClosures:

Friday, December 30th[embedded image]Closing at 3pm

Monday, January 2nd⛄Closed

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image002.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 12:18 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 11:30 AM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 8, 2022, at 8:10 AM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

It’s great to be working with you on this project, as the Project Manager. Our process for completing the project is as follows:

1. Assign consultants and set schedule - This is complete. We have assigned the following consultants:

Brandon Kirkbride to begin the External Penetration Test (EPT) on 05/01/23 and finish it on 05/03/23

Daniel Bennett to begin the Internal Penetration Test (IPT) on 05/01/23 and finish it on 05/03/23

Parker Lee to begin the Security Fundamentals Controls Assessment (SFCA) on 05/03/23 and finish it on 05/03/23

Quarterly Security Fundamentals Technical Testing (SFTT) starting on 05/03/23

Webinar date TBD

2. Hold a kick-off call - introduce teams and discuss Goals and Objectives

3. Run each component on scheduled dates

4. Deliver reports - This is estimated to happen by 05/25/23 (EPT, IPT, SFCA)

5. Hold wrap-up call - to discuss reports and address questions

I will be reaching back out with you 4-6 prior to the start of testing to get the kickoff call on our calendars.

In the meantime, you should have received an email from ShareFile, our secure document sharing platform. This is our preferred method for sharing confidential information during the project. The folder setup for you is titled 00270-2022-001. Be sure to check your junk email folder if you do not receive the notification and let me know if you have any trouble with access. If there is anyone else who should have access, please let me know and I will add them.

Attached is a Technical Testing Questionnaire (TTQ). Please have it completed prior to our kickoff call and uploaded to ShareFile here: https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

<TTQ - 00270-2022-001 - Bank of Montana .docx>

I look forward to speaking with you.

Please let me know if you have any questions or concerns.

All the best,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139
customer-reply (internal) Apr 26, 2023, 9:41 PM
Hi Shayna,

I think he is working on a few things I need from him for the documentation request list. Once those are done, I believe he will work on this next.

Thanks,

Emilie

Please Note: Bank of Montana will be closing at 3:00pm on Friday, April 28, 2023.

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shayna Fink <[email protected]>
Sent: Wednesday, April 26, 2023 3:35 PM
To: Emilie Johnston <[email protected]>; Peet McKinney @ Artichoke Consulting <[email protected]>; [email protected]
Cc: Projects <[email protected]>; Paul Martin <[email protected]>; IT <[email protected]>; Samuel Scroggins <[email protected]>; Emily Gosney <[email protected]>; Alex Rogers <[email protected]>; Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

[EXTERNAL - This message was sent from an email outside of Bank of Montana. Please use caution when following links or opening attachments.]

Hi Emilie and Peet,

I wanted to touch base on this again—please confirm if you’re able to get the virtual machine set up this week. We do not yet see it connecting back to us. Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Paul Martin <[email protected]>
Date: Tuesday, April 25, 2023 at 8:12 AM
To: Shayna Fink <[email protected]>
Cc: Emilie Johnston <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]>, Projects <[email protected]>, IT <[email protected]>, Samuel Scroggins <[email protected]>, Emily Gosney <[email protected]>, Alex Rogers <[email protected]>, Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

Hi all,

Checking in on the virtual machine setup for the Internal Penetration Test. We don’t see it connecting back yet - let us know if you need any assistance getting that VM setup.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 20, 2023, at 3:19 PM, Shayna Fink <[email protected]> wrote:

Hi Emilie,

Thank you for taking the time to meet with the LMG team today. Here are some high-level notes from our discussion, with action items in bold:

Internal Penetration Test (IPT) – Emily Gosney

- 5/1-5/3

- Start w/ discovery scanning

- Nothing specific to test/look for

-  We currently do not see the virtual machine connecting back to us. Please refer to my prior email and feel free to reach out to our IT team (copied here) to troubleshoot if needed.

External Penetration Test (EPT) – Brandon Kirkbride

- 5/8-5/9

- Brandon will reach out if allowlisting is not in place and if he encounters lockout policy

- Nothing specific to test/look for

- SMB Egress: send to Emilie

- Brandon to check if O365 was included in last year’s testing – it was. We will include it again this year.

[Tenable.io](http://tenable.io/) Continuous Vulnerability Scanning & Security Fundamentals Technical Testing (SFTT) – Alex Rogers

- Internal and external

- 54 assets

-  Alex is setting up your portal on our end and will reach out to set up a meeting with you and Peet to walk you through the install on your end.

- Frequency of scanning can be edited in portal by Bank of Montana team

- SFTT (formal reporting on vulnerabilities) – twice a year (bi-quarterly) as per the SOW

- Start date/first SFTT date TBD once portal is configured

Security Fundamentals Controls Assessment (SFCA) – Sam Scroggins

- Beginning May 1

- Documentation and interview request form – Sam needs by start of engagement

- Emilie and/or Peet for all interviews

All of the consultants for these components are copied here, so don’t hesitate to reach out with any questions or concerns that arise. We’re looking forward to getting started on this!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>, IT <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 1:55 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Emilie Johnston <[email protected]>
Date: Tuesday, April 18, 2023 at 1:46 PM
To: Shannon Dinger <[email protected]>
Cc: Projects <[email protected]>
Subject: RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 2:01 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note in bold that we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

- Technical Testing Questionnaire (TTQ) to be complete and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

- IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

- For the Security Fundamentals Control Assessment: I have uploaded information into the project Sharefile folder under LMG uploads - Security Engagement Quick Start Guide (‘EQSG’) and document and interview request Excel Workbook to discuss during the kickoff call

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then. 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the misspelling!!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one? 😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

- External Penetration Test (‘EPT’) starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

- Internal Penetration Test (‘IPT’) starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

- Security Fundamentals Controls Assessment (‘SFCA’) starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

- Security Fundamentals Technical Testing (‘SFTT’) + Continuous Vulnerability Scans (‘CVS’): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Tuesday, February 28, 2023 10:51 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all? 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Monday, February 20, 2023 10:44 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Tuesday, January 3, 2023 2:51 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the meantime, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27th at 4pm!

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image002.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Shannon Dinger <[email protected]>
Sent:Tuesday, January 3, 2023 2:28 PM
To:Emilie Johnston <[email protected]>
Cc:Natalie Bray <[email protected]>; Projects <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email incase you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

<image003.png>

On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’sUpcomingClosures:

Friday, December 30th[embedded image]Closing at 3pm

Monday, January 2nd⛄Closed

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image002.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Shannon Dinger <[email protected]>
Sent:Friday, December 30, 2022 12:18 PM
To:Emilie Johnston <[email protected]>
Cc:Projects <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

<image003.png>

On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie

Bank of Montana’sUpcomingClosures:

Friday, December 30th[embedded image]Closing at 3pm

Monday, January 2nd⛄Closed

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

<image002.jpg>

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From:Shannon Dinger <[email protected]>
Sent:Friday, December 30, 2022 11:30 AM
To:Emilie Johnston <[email protected]>
Cc:Projects <[email protected]>
Subject:Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

<image003.png>

On Dec 8, 2022, at 8:10 AM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

It’s great to be working with you on this project, as the Project Manager. Our process for completing the project is as follows:

1.Assign consultants and set schedule- This is complete. We have assigned the following consultants:

Brandon Kirkbride to begin theExternal Penetration Test(EPT) on05/01/23and finish it on 05/03/23

Daniel Bennett to begin theInternal Penetration Test (IPT) on05/01/23and finish it on 05/03/23

Parker Lee to begin theSecurity Fundamentals Controls Assessment (SFCA) on05/03/23and finish it on 05/03/23

Quarterly Security Fundamentals Technical Testing(SFTT) starting on05/03/23

Webinar date TBD

2.Hold a kick-off call- introduce teams and discuss Goals and Objectives

3.Run each component on scheduled dates

4.Deliver reports - This is estimated to happen by05/25/23 (EPT, IPT, SFCA)

5.Hold wrap-up call- to discuss reports and address questions

I will be reaching back out with you 4-6 prior to the start of testing to get the kickoff call on our calendars.

In the meantime, you should have received an email from ShareFile, our secure document sharing platform. This is our preferred method for sharing confidential information during the project. The folder setup for you is titled 00270-2022-001. Be sure to check your junk email folder if you do not receive the notification and let me know if you have any trouble with access. If there is anyone else who should have access, please let me know and I will add them.

Attached, is aTechnical Testing Questionnaire(TTQ). Please have it completed prior to our kickoff call and uploaded to ShareFile here:https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

<TTQ - 00270-2022-001 - Bank of Montana .docx>

I look forward to speaking with you.

Please let me know if you have any question or concerns.

All the best,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

customer-reply (internal) Apr 26, 2023, 10:32 PM
Hi Emilie,

Great, thanks so much for the update!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Emilie Johnston <[email protected]>
Date: Wednesday, April 26, 2023 at 2:41 PM
To: Shayna Fink <[email protected]>, Peet McKinney @ Artichoke Consulting <[email protected]>, [email protected] <[email protected]>
Cc: Projects <[email protected]>, Paul Martin <[email protected]>, IT <[email protected]>, Samuel Scroggins <[email protected]>, Emily Gosney <[email protected]>, Alex Rogers <[email protected]>, Brandon Kirkbride <[email protected]>
Subject: RE: Kickoff Recap & Next Steps (00270-2022-001)

Hi Shayna,

I think he is working on a few things I need from him for the documentation request list. Once those are done, I believe he will work on this next.

Thanks,

Emilie

Please Note: Bank of Montana will be closing at 3:00pm on Friday, April 28, 2023.

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From: Shayna Fink <[email protected]>
Sent: Wednesday, April 26, 2023 3:35 PM
To: Emilie Johnston <[email protected]>; Peet McKinney @ Artichoke Consulting <[email protected]>; [email protected]
Cc: Projects <[email protected]>; Paul Martin <[email protected]>; IT <[email protected]>; Samuel Scroggins <[email protected]>; Emily Gosney <[email protected]>; Alex Rogers <[email protected]>; Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

[EXTERNAL - This message was sent from an email outside of Bank of Montana. Please use caution when following links or opening attachments.]

Hi Emilie and Peet,

I wanted to touch base on this again—please confirm if you’re able to get the virtual machine set up this week. We do not yet see it connecting back to us. Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Paul Martin <[email protected]>
Date: Tuesday, April 25, 2023 at 8:12 AM
To: Shayna Fink <[email protected]>
Cc: Emilie Johnston <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]>, Projects <[email protected]>, IT <[email protected]>, Samuel Scroggins <[email protected]>, Emily Gosney <[email protected]>, Alex Rogers <[email protected]>, Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

Hi all,

Checking in on the virtual machine setup for the Internal Penetration Test. We don’t see it connecting back yet - let us know if you need any assistance getting that VM setup.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>, IT <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 1:55 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Emilie Johnston <[email protected]>
Date: Tuesday, April 18, 2023 at 1:46 PM
To: Shannon Dinger <[email protected]>
Cc: Projects <[email protected]>
Subject: RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emilie


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 2:01 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note in bold that we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

- Technical Testing Questionnaire (TTQ) to be complete and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

- IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

- For the Security Fundamentals Control Assessment: I have uploaded information into the project Sharefile folder under LMG uploads - Security Engagement Quick Start Guide ('EQSG') and document and interview request Excel Workbook to discuss during the kickoff call

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then.😊

Thanks,

Emilie


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the mis-spelling !!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one?😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie


From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

- External Penetration Test ('EPT') starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

- Internal Penetration Test ('IPT') starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

- Security Fundamentals Controls Assessment ('SFCA') starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

- Security Fundamentals Technical Testing ('SFTT') + Continuous Vulnerability Scans ('CVS'): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!


From: Natalie Bray <[email protected]>
Sent: Tuesday, February 28, 2023 10:51 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all?😊

Thanks,

Emilie


From: Natalie Bray <[email protected]>
Sent: Monday, February 20, 2023 10:44 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie


From: Natalie Bray <[email protected]>
Sent: Tuesday, January 3, 2023 2:51 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the meantime, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27th at 4pm!

Thanks,

Emilie


From: Shannon Dinger <[email protected]>
Sent: Tuesday, January 3, 2023 2:28 PM
To: Emilie Johnston <[email protected]>
Cc: Natalie Bray <[email protected]>; Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email in case you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139


On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’s Upcoming Closures:

Friday, December 30th: Closing at 3pm

Monday, January 2nd ⛄ Closed


From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 12:18 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139


On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie


From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 11:30 AM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139


customer-reply (internal) Apr 28, 2023, 2:48 PM
Morning all!

I am currently uploading everything from the doc request list so you should see that shortly.

Peet is planning on looking at the VM today.

Thanks,

Emilie

Please Note: Bank of Montana will be closing at 3:00pm on Friday, April 28, 2023.


From: Shayna Fink <[email protected]>
Sent: Wednesday, April 26, 2023 4:32 PM
To: Emilie Johnston <[email protected]>; Peet McKinney @ Artichoke Consulting <[email protected]>; [email protected]
Cc: Projects <[email protected]>; Paul Martin <[email protected]>; IT <[email protected]>; Samuel Scroggins <[email protected]>; Emily Gosney <[email protected]>; Alex Rogers <[email protected]>; Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

Hi Emilie,

Great, thanks so much for the update!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From:Emilie Johnston <[email protected]>
Date: Wednesday, April 26, 2023 at 2:41 PM
To: Shayna Fink <[email protected]>, Peet McKinney @ Artichoke Consulting <[email protected]>,[email protected] <[email protected]>
Cc: Projects <[email protected]>, Paul Martin <[email protected]>, IT <[email protected]>, Samuel Scroggins <[email protected]>, Emily Gosney <[email protected]>, Alex Rogers <[email protected]>, Brandon Kirkbride <[email protected]>
Subject: RE: Kickoff Recap & Next Steps (00270-2022-001)

Hi Shayna,

I think he is working on a few things I need from him for the documentation request list. Once those are done, I believe he will work on this next.

Thanks,

Emilie

Please Note: Bank of Montana will be closing at 3:00pm on Friday, April 28, 2023.

EMILIEJ.JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662)| Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

[embedded image]

The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you

From: Shayna Fink <[email protected]>
Sent: Wednesday, April 26, 2023 3:35 PM
To: Emilie Johnston <[email protected]>; Peet McKinney @ Artichoke Consulting <[email protected]>;[email protected]
Cc: Projects <[email protected]>; Paul Martin <[email protected]>; IT <[email protected]>; Samuel Scroggins <[email protected]>; Emily Gosney <[email protected]>; Alex Rogers <[email protected]>; Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

[EXTERNAL - This message was sent from an email outside of Bank of Montana. Please use caution when following links or opening attachments.]

Hi Emilie and Peet,

I wanted to touch base on this again—please confirm if you’re able to get the virtual machine set up this week. We do not yet see it connecting back to us. Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Paul Martin <[email protected]>
Date: Tuesday, April 25, 2023 at 8:12 AM
To: Shayna Fink <[email protected]>
Cc: Emilie Johnston <[email protected]>, [email protected] <[email protected]>, [email protected] <[email protected]>, Projects <[email protected]>, IT <[email protected]>, Samuel Scroggins <[email protected]>, Emily Gosney <[email protected]>, Alex Rogers <[email protected]>, Brandon Kirkbride <[email protected]>
Subject: Re: Kickoff Recap & Next Steps (00270-2022-001)

Hi all,

Checking in on the virtual machine setup for the Internal Penetration Test. We don’t see it connecting back yet - let us know if you need any assistance getting that VM setup.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 20, 2023, at 3:19 PM, Shayna Fink <[email protected]> wrote:

Hi Emilie,

Thank you for taking the time to meet with the LMG team today. Here are some high-level notes from our discussion, with action items in bold:

Internal Penetration Test (IPT) – Emily Gosney

- 5/1-5/3

- Start w/ discovery scanning

- Nothing specific to test/look for

- We currently do not see the virtual machine connecting back to us. Please refer to my prior email and feel free to reach out to our IT team (copied here) to troubleshoot if needed.

External Penetration Test (EPT) – Brandon Kirkbride

- 5/8-5/9

- Brandon will reach out if allowlisting is not in place and if he encounters lockout policy

- Nothing specific to test/look for

- SMB Egress: send to Emilie

- Brandon to check if O365 was included in last year’s testing – it was. We will include it again this year.

[Tenable.io](http://tenable.io/) Continuous Vulnerability Scanning & Security Fundamentals Technical Testing (SFTT) – Alex Rogers

- Internal and external

- 54 assets

- Alex is setting up your portal on our end and will reach out to set up a meeting with you and Peet to walk you through the install on your end.

- Frequency of scanning can be edited in portal by Bank of Montana team

- SFTT (formal reporting on vulnerabilities) – twice a year (bi-quarterly) as per the SOW

- Start date/first SFTT date TBD once portal is configured

Security Fundamentals Controls Assessment (SFCA) – Sam Scroggins

- Beginning May 1

- Documentation and interview request form – Sam needs by start of engagement

- Emilie and/or Peet for all interviews

All of the consultants for these components are copied here, so don’t hesitate to reach out with any questions or concerns that arise. We’re looking forward to getting started on this!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>, IT <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

We do not see your virtual machine connecting back to us. If that is what Peet meant, I’ve copied our IT team to troubleshoot the install directly. If that is not what he meant, please clarify when you can.

Thank you!

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Shayna Fink <[email protected]>
Date: Tuesday, April 18, 2023 at 1:55 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Great question! We need the documentation request before the start of the engagement, which is May 1. That being said, if you are able to fill out any portion of the document before our kickoff call on Thursday, please do so (even if it’s incomplete).

Thank you for uploading the TTQ! I am checking with our internal IT team to see if your VM is connecting back to us, and I will get back to you shortly (I assume that is what Peet means?)

Best,

Shayna Fink
Project Manager, [LMG Security](https://www.lmgsecurity.com/)
[email protected]
(406) 709-0938

From: Emilie Johnston <[email protected]>
Date: Tuesday, April 18, 2023 at 1:46 PM
To: Shannon Dinger <[email protected]>
Cc: Projects <[email protected]>
Subject: RE: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Again,

When do you need the document request list completed and uploaded by?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 2:01 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Sounds great! I will send over the Zoom call calendar invite here shortly for Thursday the 20th at 11am MT (call will be approx. 1hr).

Below are some items to note in bold that we will need to have prior to testing (you have plenty of time to work on this - no immediate rush)

- Technical Testing Questionnaire (TTQ) to be complete and uploaded to ShareFile (let me know if you need a fresh copy of this document). Additionally, please make sure to read the instructions for the virtual machine download if you elect to use a virtual machine (vs. a physical device) for the Internal penetration testing. Please have it completed prior to our kickoff call and upload it to the project ShareFile folder

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

- IP Verification: On the TTQ, we will need you to provide the list of target IP addresses in advance, as well as any information necessary to verify that the targeted addresses belong to you for the External penetration test.

- For the Security Fundamentals Control Assessment: I have uploaded information into the project Sharefile folder under LMG uploads - Security Engagement Quick Start Guide ('EQSG') and document and interview request Excel Workbook to discuss during the kickoff call

Be in touch soon, thanks again!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:25 PM, Emilie Johnston <[email protected]> wrote:

Lol no worries!!

And gotcha! Let’s just do the Thursday, 4/20 call then. 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:23 PM
To: Emilie Johnston <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

* Emilie - so sorry for the misspelling!!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:21 PM, Shannon Dinger <[email protected]> wrote:

Hi Emily,

Whichever week/timeframe works better for you! One of our consultants on this engagement will be out of office next week, but we can still do the kickoff without him, and have a separate call with him later.

We can do next week on Monday the 10th and then have another shorter call scheduled the following week on Thursday 4/20 OR we can just do one hour long kickoff on Thursday 4/20 that has all consultants involved on the call.

Let me know whatever works better for you.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Apr 6, 2023, at 2:07 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Sorry, do you need one for each week? Or just one? 😊

If you need one then:

Can we do 2pm on Monday, 4/10?

If you need two then:

Can we do 2pm on Monday, 4/10?

And then Thursday, 4/20 at 11am?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Thursday, April 6, 2023 1:03 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - Project Kickoff [00270-2022-001]

Hi Emilie,

Just wanted to touch base with you on availability for the kickoff call prior to testing beginning in early May. Below is our updated availability for a kickoff call:

Week of 04/10: (Consultant performing your Fundamentals Controls Assessment is out of office this week so we could schedule a separate call with him the following week)

Monday, 04/10: 9:30am - 10am, 10:30am - 3pm MT

Tuesday, 04/11: 10:30am - 12pm, 12:30 - 2pm MT

Wednesday, 04/12: 10:30am - 3pm MT

Thursday, 04/13: 11am - 3pm MT

Friday, 04/14: 10:30-11am, 12 - 2pm MT

Week of 04/17:

Monday, 04/17: 9:30 - 10, 10:30am - 3pm MT

Tuesday, 04/18: 10:30am - 3pm MT

Wednesday, 04/19: 10:30 - 11am, 1-2pm MT

Thursday, 04/20: 10:30 - 3pm MT

Friday, 04/21: 10:30am - 11am, 12:30 - 2pm MT

Please let me know if any timeframes listed work best for you.

Thanks!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Mar 31, 2023, at 12:17 PM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

Hope you are doing well! I just wanted to touch base regarding the technical testing that we are performing in May:

- External Penetration Test ('EPT') starts on 05/08/23 and finishes 05/09: Performed by LMG consultant Brandon Kirkbride

- Internal Penetration Test ('IPT') starts on 05/01/23 and finishes 05/03: Performed by LMG consultant Emily Gosney

- Security Fundamentals Controls Assessment ('SFCA') starts on 05/01/23 and finishes ~05/08: Performed by LMG consultant Parker Lee

- Security Fundamentals Technical Testing ('SFTT') + Continuous Vulnerability Scans ('CVS'): Tenable portal set up for scans are to start on 05/02/23: Performed by LMG consultant Alex Rogers

Now that we are getting closer to testing, I thought it would be a good time to hold the kickoff call with each of the consultants to discuss the components and to confirm the schedule with you.

How is your early April looking? Below is our upcoming availability for a kickoff call:

Wednesday, 04/05: 12 - 2pm MT

Thursday, 04/06: 10:30 - 11:30am, 1-3pm MT

Friday, 04/07: 10:30am - 1:30pm MT

Monday, 04/10: 10:30am - 3pm MT

Tuesday, 04/11: 10:30- 11:30am, 1 - 3pm MT

Wednesday, 04/12: 11:30am - 3pm MT

Thursday, 04/13: 10:30am - 2:30pm MT

Friday, 04/14: 10:30am - 12pm MT

Prior to the Kickoff just as a reminder, we’ll need the Technical Testing Questionnaire (TTQ) uploaded to ShareFile. Please let me know if you need me to send over a new TTQ document for you.

https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

Best Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

Email: [email protected]

Office: (406) 830-3165 ext. 139

On Feb 28, 2023, at 11:51 AM, Emilie Johnston <[email protected]> wrote:

Thank you!

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Tuesday, February 28, 2023 10:51 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thanks for your patience while we coordinated what would be best for your CEO’s ask. There are 2 handouts that we think would be best:

[Business Email Compromise handout](https://www.lmgsecurity.com/resources/business-email-compromise/)

[How to Spot a Phishing Email handout](https://www.lmgsecurity.com/resources/how-to-spot-a-phishing-email/)

Please let me know if there are any other resources I can help with at this time.

Best,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 10:48 AM, Emilie Johnston <[email protected]> wrote:

Hi Natalie,

Awesome.

This is what my CEO emailed me:

“My hot button “issue” right now is internal and external emails. There are other subjects I'm sure..but I’d like to know …what is normal now…what is best practice etc.

That is ….what is ok to be in an email, etc.”

Does that help at all? 😊

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Monday, February 20, 2023 10:44 AM
To: Emilie Johnston <[email protected]>
Cc: Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

What a great question! We do have a variety of handouts that could help with emails. Could you please give me more info on what you’re looking for? Are you trying to help people avoid phishing emails? Prevent email hacking? Help people understand why they need MFA for email? Please let me know and I’ll happily be able to send over the resources we have available.

Thanks,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Feb 20, 2023, at 9:14 AM, Emilie Johnston <[email protected]> wrote:

Good Morning!

I was wondering if you guys have any handouts that are specific to emails? Like the do’s and don’ts when sending emails?

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Natalie Bray <[email protected]>
Sent: Tuesday, January 3, 2023 2:51 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Shannon Dinger <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Stepping in here in regards to the webinar planning for June 2023! I’ve set up the webinar on GoToWebinar and sent you a calendar invitation with your individual sign on link, as well as the registration link to circulate to those you’d like to attend.

I’ve included them here for convenience as well:

Registration Link: https://attendee.gotowebinar.com/register/3051327714240822112

Emilie link: https://global.gotowebinar.com/pjoin/3051327714240822112/6376629108635408476

I will be reaching out in late April to schedule a kickoff call. We’ll go over various logistics including moderator roles, script revisions, and debrief times. In the meantime, please feel free to contact me with any questions you may have prior to the webinar.

Thanks so much,

Natalie Bray
Events Manager
[LMG Security](https://www.lmgsecurity.com/)
Office: (406) 830-3165 x124
Cell: (406) 880-3117

On Jan 3, 2023, at 2:31 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Let’s do June 27th at 4pm!

Thanks,

Emilie

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Tuesday, January 3, 2023 2:28 PM
To: Emilie Johnston <[email protected]>
Cc: Natalie Bray <[email protected]>; Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you had a great holiday weekend!

Below is our current availability for the webinar within the time frame you had recommended:

6/27 from 4-5 PM MST

6/28 from 4-5 PM MST

Please let me know if any timeframe listed will work for you. Additionally, I have copied Natalie Bray on this email in case you would like to explore any other future availability for the webinar.

Thank you!

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 30, 2022, at 1:18 PM, Emilie Johnston <[email protected]> wrote:

Sounds perfect!

Thank you!

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 12:18 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Thank you so much for the quick response. We have those technical testing dates booked.

As for the Webinar, that sounds fantastic! I will coordinate with our scheduling team to get confirmation on exact date, and will circle back with you early next week.

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 30, 2022, at 1:08 PM, Emilie Johnston <[email protected]> wrote:

Hi Shannon,

Yes, those dates sound perfect!

For the webinar – thinking somewhere in the last 2 weeks of June? From 3:30-5pm?

Thanks,

Emilie

Bank of Montana’s Upcoming Closures:

Friday, December 30th - Closing at 3pm

Monday, January 2nd ⛄ Closed

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126

From: Shannon Dinger <[email protected]>
Sent: Friday, December 30, 2022 11:30 AM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>
Subject: Re: Bank of Montana - New Project Kickoff [00270-2022-001]

Hi Emilie,

Hope you are well!

Just wanted to check in with you and confirm the May testing dates outlined below and get your requested timeframe for the Webinar. Please let me know if you have any questions or need anything in the meantime.

As a reminder, I will be following up with you 4-6 weeks prior to testing to get our kick off call set up with the assigned consultants.

Have a happy new year!

Kind Regards,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139

On Dec 8, 2022, at 8:10 AM, Shannon Dinger <[email protected]> wrote:

Hi Emilie,

It’s great to be working with you on this project, as the Project Manager. Our process for completing the project is as follows:

1. Assign consultants and set schedule - This is complete. We have assigned the following consultants:

Brandon Kirkbride to begin the External Penetration Test (EPT) on 05/01/23 and finish it on 05/03/23

Daniel Bennett to begin the Internal Penetration Test (IPT) on 05/01/23 and finish it on 05/03/23

Parker Lee to begin the Security Fundamentals Controls Assessment (SFCA) on 05/03/23 and finish it on 05/03/23

Quarterly Security Fundamentals Technical Testing (SFTT) starting on 05/03/23

Webinar date TBD

2. Hold a kick-off call - introduce teams and discuss Goals and Objectives

3. Run each component on scheduled dates

4. Deliver reports - This is estimated to happen by 05/25/23 (EPT, IPT, SFCA)

5. Hold wrap-up call - to discuss reports and address questions

I will be reaching back out with you 4-6 prior to the start of testing to get the kickoff call on our calendars.

In the meantime, you should have received an email from ShareFile, our secure document sharing platform. This is our preferred method for sharing confidential information during the project. The folder setup for you is titled 00270-2022-001. Be sure to check your junk email folder if you do not receive the notification and let me know if you have any trouble with access. If there is anyone else who should have access, please let me know and I will add them.

Attached is a Technical Testing Questionnaire (TTQ). Please have it completed prior to our kickoff call and uploaded to ShareFile here: https://lmgsecurity.sharefile.com/f/fo2c13da-7faa-4e8c-8b48-c5ae920f9bc3

<TTQ - 00270-2022-001 - Bank of Montana .docx>

I look forward to speaking with you.

Please let me know if you have any questions or concerns.

All the best,

Shannon Dinger
Project Manager
[LMG Security](https://www.lmgsecurity.com/)

[Email: [email protected]](mailto:[email protected])

Office: (406) 830-3165 ext. 139
Artichoke Support - Peet (internal) Apr 28, 2023, 7:05 PM
On the VM appliance ...

Please correct me if I'm mistaken or point me to updated documentation, but the device needs one TCP port from 1-65535 with outside access. The device has at minimum virtually unrestricted access to 80 and 443. So that should meet the last requirements I've seen for the device.

Allow outbound connections from VM to Internet over at least one TCP port in the range of 10-1000

But if I only let it have the regular access our devices have, it does not connect. Attached is a log for everything that's rejected after the device boots with only access to 80/443.

Do you need outbound DNS to Google's public DNS as well as the one TCP port?

Thanks. Peet
customer-reply (internal) Apr 28, 2023, 7:36 PM
Hi Peet,

I added your email and the support email to the ShareFile folder where the ISO and checksums are available to download, as well as PDF guides if they help. Thanks for re-deploying a new version of the VM

Here’s a direct link to the folder. Let me know if you need anything else. The firewall rule for port 80 that you have does work, the SSH keys we used on that VM are just failing to login to our server.
https://lmgsecurity.sharefile.com/f/fo690792-8ec6-457f-aab2-9bd8f54ecaf6

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 28, 2023, at 1:05 PM, Artichoke Support - Peet <[email protected]> wrote:
Artichoke Support - Peet (internal) Apr 28, 2023, 8:31 PM
It looks like the new appliance connected on port 80? Can you confirm?

Thanks. Peet
customer-reply (internal) Apr 28, 2023, 8:59 PM
Thanks Peet,

Unfortunately it isn’t connected - can you just reboot the new one once more? I’m watching on our server (your public IP and auth logs) to see why it didn’t connect.

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 28, 2023, at 2:31 PM, Artichoke Support - Peet <[email protected]> wrote:
Artichoke Support - Peet (internal) Apr 28, 2023, 9:32 PM
Bounced. I’m sorry I’m not in a place that I can look at the firewall. But attached is an image of what ends up in the console after a boot.

Peet
customer-reply (internal) Apr 28, 2023, 9:32 PM
Thank you for contacting Bank of Montana!

Our office is closing at 3:00 pm Friday, April 28th, resuming regular business hours Monday, May 1st.

Please email [email protected] with urgent requests.
customer-reply (internal) Apr 28, 2023, 10:11 PM
Thanks Peet,

Looks good on my end and I kicked off our script to install our remaining tools. Have a good weekend.

Best,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 28, 2023, at 3:32 PM, Artichoke Support - Peet <[email protected]> wrote:
customer-reply (internal) May 1, 2023, 2:48 PM
Hi Peet,

Apologies, I lost connection to the device again. Can we hop on a quick meeting to troubleshoot? Sorry for the trouble on this device, appreciate your help! You can join this zoom or give me a call at 406-830-5015, whichever is easiest.

https://lmgsecurity.zoom.us/j/89734256320?pwd=bTUyOElKZVYxT1g2TmxodWdsZHBZQT09

Thanks,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 28, 2023, at 4:11 PM, Paul Martin <[email protected]> wrote:

Thanks Peet,

Looks good on my end and I kicked off our script to install our remaining tools. Have a good weekend.

Best,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On Apr 28, 2023, at 3:32 PM, Artichoke Support - Peet <[email protected]> wrote:
Artichoke Support - Peet (internal) May 1, 2023, 3:50 PM
I've created a rule to allow TCP 10 from your box to 66.109.142.165. I've bounced the DropBox and see a good amount of traffic being allowed on TCP 10. Still having issues reaching it?

Cheers. Peet
customer-reply (internal) May 1, 2023, 3:51 PM
Hello, I am out of the office today and returning on March 14th. If you need immediate assistance please contact [email protected] . Otherwise, I’ll get back to you as soon as I’m able.
customer-reply (internal) May 1, 2023, 4:14 PM
Thank you,

We’re good on that now, maybe HTTPS inspection was causing the issue on port 80. Thanks again.

Best,

Paul Martin
CIO
LMG Security
Cell: (406) 830-5015
[email protected]

On May 1, 2023, at 9:50 AM, Artichoke Support - Peet <[email protected]> wrote:
customer-reply (internal) May 12, 2023, 8:57 PM
Wahoo! Nothing came in in the external pen test!

EMILIE J. JOHNSTON
Chief Operations Officer and Executive Vice President

Phone: [406.829.2662](tel:406.829.2662) | Fax: 406.829.2355

[email protected]

[www.bankofmontana.com](http://www.bankofmontana.com/)

125 Bank Street, Suite 100

Missoula, MT 59802

NMLS #922126


From: Tzirel Bleier <[email protected]>
Sent: Friday, May 12, 2023 2:08 PM
To: Emilie Johnston <[email protected]>
Cc: Projects <[email protected]>; Brandon Kirkbride <[email protected]>
Subject: Bank of Montana - External Penetration Test Report Available (00270-2022-001-Y1)

[EXTERNAL - This message was sent from an email outside of Bank of Montana. Please use caution when following links or opening attachments.]

Hi Emilie,

I’m emailing since Shayna’s out of the office today. Your External Penetration Test Report is now ready and available here: https://lmgsecurity.sharefile.com/f/fob1e4f5-3f51-4fd2-a0de-4203208b07cc

Please let me know if you would like to set up a 30-minute zoom call to review the report.

Thanks, and have a great weekend!

Tzirel Bleier

Project Team Manager
LMG Security
Cell: 406-709-0933

[email protected] (internal) Nov 7, 2023, 11:14 PM
Edits made via Bulk Update Tool - see change log for this timestamp