Question FIDP-05
Have you implemented an Intrusion Prevention System (network-based)?
| Weight | 20 |
| High Risk | No |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe your plan to implement a Intrusion Prevention System in your environment.
Answering "YES"
Describe the currently implemented IPS.
Reason for Question
It is important to have preventive capabilities in an information system to protect institutional data. Because this is somewhat expected in information systems, vendors without IPSs implemented should raise concerns. Compensating controls need future evaluation, if provided by the vendor.
Follow-Up Inquiries
A security program with limited resources for active prevent is inefficient. Inquiries should include training for staff, reasoning behind not using IPS technologies, and how systems are actively protected and how malicious activity is stopped.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]