Question HLNT-03
Do you use an automated IDS/IPS system to monitor for intrusions?
| Weight | 40 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | Yes |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
Describe your plan to implement an IDS/IPS in your environment.
Answering "YES"
Describe the currently implemented IDS/IPS.
Reason for Question
It is important to have detective capabilities in an information system to protect institutional data. Because this is somewhat expected in information systems, vendors without IDSs implemented should raise concerns. Compensating controls need future evaluation, if provided by the vendor.
Follow-Up Inquiries
A security program with limited resources for event detection and prevention is not effective. Inquiries should include training for staff, reasoning behind not using IDS/IPS technologies, and how systems are monitored. Additional questions about a SIEM and other tooling may be appropriate. Ask how systems are actively protected and how malicious activity is stopped.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]