FIDP-11

Do you monitor for intrusions on a 24 x 7 x 365 basis?

Explanation

This question is asking whether your organization has continuous, round-the-clock monitoring for potential security intrusions into your network or systems. '24 x 7 x 365' means 24 hours a day, 7 days a week, 365 days a year - essentially, without any gaps in coverage.

Why this matters: Cyber attacks can happen at any time, including nights, weekends, and holidays. Without continuous monitoring, attacks might go undetected for hours or days, increasing the potential damage. Attackers often deliberately target off-hours when they believe monitoring might be reduced.

This question is being asked because organizations with mature security programs typically implement continuous monitoring to detect suspicious activities promptly. The assessor wants to understand if you have the capability to detect intrusions regardless of when they occur, which is considered a security best practice.

When answering, you should describe:

1. Your monitoring approach (internal SOC, MSSP, automated tools, etc.)
2. Coverage hours and any potential gaps
3. The types of systems being monitored (network traffic, endpoints, cloud resources, etc.)
4. How alerts are escalated and responded to during all hours

Even if you don't have full 24x7x365 coverage, be honest about your actual coverage model and any compensating controls you have in place.

Example Responses

Example Response 1

Yes, we maintain continuous 24x7x365 intrusion monitoring through our Security Operations Center (SOC). Our SOC is staffed by security analysts working in three shifts to provide round-the-clock coverage. We utilize a combination of network-based IDS/IPS, endpoint detection and response (EDR) tools, and SIEM technology to monitor for suspicious activities across our environment. All critical alerts are immediately escalated to on-call security engineers according to our incident response procedures, with defined SLAs for acknowledgment and response regardless of the time of day. We conduct regular testing of our after-hours response capabilities to ensure effectiveness.

Example Response 2

Yes, we utilize a third-party Managed Security Service Provider (MSSP) that provides 24x7x365 monitoring of our network and systems. The MSSP monitors our firewall logs, IDS/IPS alerts, and critical system logs in real-time. They have established procedures to notify our on-call IT security personnel within 15 minutes for critical security events according to our predefined escalation criteria. The MSSP's SOC is ISO 27001 certified and staffed continuously with trained security analysts. We receive monthly reports on monitoring activities and conduct quarterly reviews with the MSSP to evaluate their performance and adjust monitoring parameters as needed.

Example Response 3

No, we currently do not have 24x7x365 intrusion monitoring. Our security team monitors systems during business hours (8am-6pm) Monday through Friday, with automated alerting tools in place during off-hours. Critical alerts are sent to our on-call IT staff via email and SMS, but we acknowledge there is no active monitoring during nights and weekends. We are in the process of evaluating third-party MSSP solutions to implement continuous monitoring and expect to have 24x7x365 coverage within the next 6 months. In the interim, we have implemented additional preventative controls including enhanced firewall rules and endpoint protection to reduce the risk of successful intrusions during non-monitored hours.

Context

Tab: Infrastructure
Category: Firewalls, IDS, IPS, and Networking

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub