Documentation
HECVAT Lite v3.0.6
Networking
HLNT-03

Question HLNT-03

Do you use an automated IDS/IPS system to monitor for intrusions?

Weight40
High RiskYes
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe your plan to implement an IDS/IPS in your environment.

Answering "YES"

Describe the currently implemented IDS/IPS.

Reason for Question

It is important to have detective capabilities in an information system to protect institutional data. Because this is somewhat expected in information systems, vendors without IDSs implemented should raise concerns. Compensating controls need future evaluation, if provided by the vendor.

Follow-Up Inquiries

A security program with limited resources for event detection and prevention is not effective. Inquiries should include training for staff, reasoning behind not using IDS/IPS technologies, and how systems are monitored. Additional questions about a SIEM and other tooling may be appropriate. Ask how systems are actively protected and how malicious activity is stopped.

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]