Information Security FAQs

Click questions to expand answers.

ISPO Services

What services are provided by the ISPO?

Help.UNM
The ISPO utilizes self-service intake services using University’s enterprise ticketing system Help.UNM, and phone and in-person intake services from the UNM IT Service Desk, the University's central support organization for IT-related services and computer-related issues. All information security or privacy related events and incidents, and service requests are forwarded to ISPO by Service Desk staff.
  • Privacy, Compliance, and Risk Services
    • Contract Review
    • Data Sharing Agreement Review
    • Institutional Review Board (IRB) Review
    • PCI Compliance
    • Other Privacy, Compliance, and Risk Services
  • Information Security Services
    • Continuous Vulnerability Monitoring
      • Application Access Requests
      • Application Maintenance and Support Requests
    • Event Management
    • Digital Forensics
    • Firewall Change Requests
    • Incident Response Services
      • Information Security Incident Response Services
        • Minor Incidents
        • Major Incident
    • Information Request
    • Operational Intelligence
      • Event Management
      • Event Log Analysis
    • Penetration Testing
      • Network Vulnerability Penetration Test
      • Web Applications Penetration Test
    • Vulnerability Assessment(s)
      • Network Vulnerability Assessment
      • Web Applications Assessments
    • Other Information Security Request

How do I request service from the ISPO?

The ISPO utilizes the University’s enterprise ticketing system Help.UNM and intake services provided by the UNM Information Technologies (UNM IT) Service Desk, the University's central support organization for information technology-related services and computer-related issues.  All information security-related events, incidents, and requests are forwarded to the ISPO by UNM IT Service Desk staff.  Please use Help.UNM or call the UNM IT Service Desk at 7-5757 to ensure that your request is opened, tracked, and processed in a timely manner.  Requests submitted via email or channels not monitored by the IT Service Desk staff cannot be processed.

Information Security Services

How do I submit a request to access the Continuous Vulnerability Monitoring Service (CVMS-N)?

NOTICE: The ISPO requires several pieces of information to process an Application Access Request and we recommend you thoroughly review all of the information below.

Continuous Vulnerability Monitoring Service for Networks (CVMS-N) - Application Access Request

About this Service

The UNM Information Security & Privacy Office (ISPO) is responsible for the development and maintenance of the Information Security Program and designing and maintaining information security technologies and services in the interest of supporting the University’s overall mission of engaging faculty, students, and staff in its educational, research, and service programs.  The Continuous Vulnerability Monitoring Service for Networks (CVMS-N) supports the Vulnerability Management Program, a component of the Information Security Management System (ISMS) a framework for maintaining the University’s Information Security Program.

The CVMS-N is powered by solutions from Tenable Security (Nessus Vulnerability Scanners + Nessus Manager).  Nessus is a best of breed enterprise grade vulnerability monitoring solution provided as a service by the ISPO’s Information Security Operations area.  Nessus utilizes network port scanners to perform periodic recurring vulnerability assessments to examine the University's internal and external network attack surfaces.  Nessus features include high-speed asset discovery, configuration auditing, target profiling, malware detection, sensitive data discovery and vulnerability analysis.  The availablility and effectiveness of the listed features are dependent on the scan method being utilized.

The CVMS-N is designed to support all IT environments including those supported by enterprise and departmental units located on Main, North, South, and Branch campuses (Gallup, Los Alamos, Taos, and Valencia).  Departments affiliated with the Health Sciences Center (HSC) are encouraged to contact the HSC’s Information Security Office to determine what network vulnerability monitoring services are available for HSC environments.

Basic application access, and vulnerability monitoring configuration and maintenance is provided to all IT support units at no-cost.  Custom maintenance and support requests may result in a small fee in circumstances where additional physical hardware or software licenses are required to support such requests.

Controlled Unclassified Information Notice

RESTRICTED INFORMATION

Information contained within the ISPO's CVMS-N is subject to enhanced safeguarding, as unauthorized disclosure could place UNM at risk for data exfiltration or other malicious activities.  Vulnerability information may only be stored in ISPO-designated UNM-owned services.  This information may only be shared with authorized University staff (i.e. Data Owners, Data Steward, Data Custodians, or Data Users) who are directly responsible for the specified system(s) or application(s).

Intake Process

The ISPO utilizes the University’s enterprise ticketing system Help.UNM and intake services provided by the UNM Information Technologies (IT) Service Desk, the University's central support organization for information technology-related services and computer-related issues.  All information security-related events, incidents, and requests are forwarded to the ISPO by UNM IT Service Desk staff.  Please use Help.UNM to ensure that your request is opened, tracked, and processed in a timely manner (refer to FastInfo 7263 -  How do I submit a request for service to IT using Help.UNM self-service? for general instructions on how to open a self-service request).  Requests submitted via email or channels not monitored by the IT Service Desk staff cannot be processed.

IT staff with internal access to Cherwell ITSM must select the appropriate Record Type, Service Request Type, and Category, when generating a record, and must use the appropriate workflow when creating tasks for Cherwell teams.  Additionally, IT staff are required to provide all the information outlined in the Request Details tab which mirrors the ‘Required Information’ section below.  Requests that are not appropriately generated within Cherwell will be summarily cancelled/denied.

Required Information

In order to submit an application access request for CVMS-N, the requestor must provide the following information (at minimum):

  • IT Role:
  • Name:
  • NetID:
  • Privileged Account:
  • Supervisor’s Name:
  • Supervisor’s NetID:
  • Justification:

Tickets that do not include the above referenced information in the specified format cannot be processed.

IT Roles (Job Description)

Please reference the following list of UNM Human Resources-defined IT roles (job descriptions) when submitting your request:

Office of the Chief Information Officer Staff

  • Chief Information Officer (CIO)
  • Deputy Chief Information Officer (Deputy CIO)
  • Information Security & Privacy Officer (Info Security Ofcr)

IT Directors, Associate IT Directors, and IT Officers

  • Director of Core Information Technology Services (Dir,Core IT Svcs)
  • Director of Information Technology Services (Dir,IT Svcs)
  • Associate Director of Core Information Technology Services (Assoc Dir,Core IT Svcs)
  • Associate Director of Information Technology Services (Assoc Dir, IT Svcs)
  • Information Technology Officer (IT Officer)

IT Managers, IT Supervisors, and IT Project Managers

  • Manager of Core Information Technology Services (Mgr,Core IT Svcs)
  • Manager of Information Technology Services (Mgr,IT Svcs)
  • Information Technology Project Manager 1-3 (IT Project Mgr 1-3)
  • Supv,Security & Alarm Systems

HPC Specialists, IT Specialists, IT Analysts, and IT Technicians

  • Core Information Technology Services Specialist (Core IT Svcs Splst)
  • Information Technology Services Specialist (IT Svcs Splst)
  • High Performance Computing Specialist 1-3 (HPC Systems Splst 1-3)
  • Systems/Network Analyst 1-3 (Systems/Network Analyst 1-3)
  • Technical Analyst 1-3 (Technical Analyst 1-3)
  • Security & Alarm Tech
  • Information Technology Support Technician 1-3 (IT Support Tech 1-3)

UNM staff requesting access shall have an appropriate UNM-defined information technology focused job description (position classification) or shall be responsible for managing HPC Specialists or IT Specialists, IT Analysts, or IT Technicians.  For more information about UNM’s Job Descriptions, please reference the UNM Human Resources Position Classification Description Listing website for more information. https://jobdescriptions.unm.edu/Requests submitted by UNM staff without an appropriate job description will be summarily denied.

NetID and Privileged Account

User Account and Email

Your user account must be your UNM NetID that is tied to your LoboMail account.  Departmental identities cannot be provisioned access to this service and departmental mail services cannot be used to receive notifications from Nessus Manager.  All UNM staff members are automatically provisioned a NetID and LoboMail account.

Privileged Account

Your privileged account must be a sanctioned privileged account (sometimes called a ‘service’ account) that has been provisioned in the centrally-managed Lightweight Directory Authentication Protocol (LDAP) service and synchronized with Active Directory Domain Services (AD DS) directory service, both services are provided at no-cost to all UNM departments by Information Technologies (IT).

Request Approvals and Mandatory Training

Approvals

Application Access Requests for CVMS-N must be approved by the requestor’s director, manager, or supervisor, and the ISPO’s Management staff.  Approvals will be submitted on behalf of the requestor via Help.UNM.  Please have your approver check for email from Help.UNM (help@unm.edu).  Requests that do not receive the appropriate approvals cannot be processed.

Training

All IT staff requesting access to CVMS-N must attend a mandatory training before being provisioned access to this system.  Training includes educating IT staff of the institutional requirements outlined in the Vulnerability Management Program which include University-mandated timeframes for appropriately addressing identified vulnerabilities by severity and impact.  Additionally, a basic tutorial for how to authenticate and interact with CVMS-N, and the basics of interpreting vulnerability scan reports and the data contained therein is provided.

Responsibilities

ISPO (Information Security Operations)

The ISPO is responsible for designing and maintaining information security technologies and services including the Vulnerability Monitoring Service for Networks (CVMS-N), and for identifying areas where information assets are not adequately safeguarded.

IT (Enterprise and Departmental)

All IT units are responsible for appropriately deploying, configuring, and maintaining IT systems over the course of their lifecycle.  Appropriate system lifecycle management includes but is not limited to maintaining appropriate and consistent system update procedures that include patching system security vulnerabilities and making configuration changes when required to address identified vulnerabilities.  All IT units are responsible for adhering to appropriate change management procedures at all times.

Staff within IT units may not share system vulnerability information with individuals who are not in appropriate roles or who have responsibilities outside of their immediate workgroup who are not responsible for addressing identified issues.  Additionally, staff with access to the CVMS-N shall treat all data contained within the system as CUI.  For more information about CUI, please reference the ‘Controlled Unclassified Information – Restricted Information’ section above.

Maintenance and Support

Ongoing maintenance and support of this solution including creating, modifying, and disabling recurring scans, and troubleshooting existing scans can be requested via Help.UNM.  Please refer to the 'How do I request support' for the Continuous Vulnerability Monitoring Service (CVMS-N)'?

Questions and Feedback

If you have questions or feedback regarding this document or the CVMS-N, please use Help.UNM or call the IT Service Desk at 7-5757 to ensure that your information request or feedback request is opened, tracked, and processed in a timely manner.

How do I request support for the Continuous Vulnerability Monitoring Service (CVMS-N)?

NOTICE: The ISPO requires several pieces of information to process an Application Access Request and we recommend you thoroughly review all of the information below.
The ISPO utilizes self-service intake services using University’s enterprise ticketing system Help.UNM, and phone and in-person intake services from the UNM IT Service Desk, the University's central support organization for IT-related services and computer-related issues. All information security or privacy related events and incidents, and service requests are forwarded to ISPO by Service Desk staff.

How do I request Digital Forensics services?

Submit a request through Help.UNM or call the UNM IT Service Desk at (505) 277-5757
The ISPO utilizes self-service intake services using University’s enterprise ticketing system Help.UNM, and phone and in-person intake services from the UNM IT Service Desk, the University's central support organization for IT-related services and computer-related issues. All information security or privacy related events and incidents, and service requests are forwarded to ISPO by Service Desk staff.

How do I submit a request for a Firewall Change Request?

Submit a request through Help.UNM or call the UNM IT Service Desk at (505) 277-5757

How do I request a Penetration Test?

Submit a request through Help.UNM or call the UNM IT Service Desk at (505) 277-5757

How do I request a Vulnerability Assessment?

Submit a request through Help.UNM or call the UNM IT Service Desk at (505) 277-5757
  • Please be advised, the ISPO requires several pieces of information to process this type of request

Malware & Hacking

What do I do if I suspect that my UNM-owned computing asset has been compromised?

  1. Gather information about the event including the following: 
    • Date and time of the event
    • Location of the event
    • How you suspect the event may have occurred
  2. Isolate the affected machine by disconnecting the machine from a network (either wired or wireless), but do not power-off the machine, volatile (and valuable) data will be lost of the machine is powered-off
  3. After you have collected the relevant information, report the event by opening a Help.UNM ticket and by calling the ISPO on-call number (505) 277-2497

What do I do if I suspect my personal computing asset has been compromised?

  1. First, disconnect from the network by turning off Wi-Fi and unplugging Ethernet
  2. Then, contact the IT Service Desk for help at (505) 277-5757
Make sure you have all important and/or security-related operating system updates and an up-to-date antivirus program installed, then scan your machine with that antivirus program. More often than not however, you should reinstall your operating system to be certain that the compromise is eradicated.

NetID Issues

My account (NetID) was locked by ISPO, who do I contact to have my account unlocked?

To regain access to your account, please contact the UNM IT Service Desk. The IT Service Desk is the University's central support organization for IT-related services and computer-related issues, and can be reached at (505) 277-5757.
UNM IT Customer Support Services hours can be found in FastInfo #3351: What are the hours of operation for IT Customer Support Services?

What do I do if I suspect that my account (NetID) is compromised?

Immediately change your NetID password at https://netid.unm.edu or by calling the UNM Information Technologies (IT) Customer Service Desk at (505) 277-5757
Non-hyperlinked format (copy and paste into your URL bar): https://netid.unm.edu

Email Issues

What is spam email?

Spam is the electronic version of ‘junk mail’.  Spam refers to unsolicited and unwanted email sent to either an individual or list of individuals.  Spam does not necessarily contain malware as legitimate email sent for commercial purposes could potentially fall into this category.  Conversely, threat actors may send spam email that contains links to sites used for phishing or that contain malware. 
 
The University’s enterprise email system discards the majority of spam email messages sent to LoboMail (unm.edu) accounts.  In an effort to ensure legitimate email is not discarded, some spam emails are delivered, but are sorted into the ‘Junk E-mail’ folder which allows LoboMail users to identify potential spam that has been received.  Unsolicited or otherwise unexpected email found in this folder can be safely ignored (and does not need to be reported).  Spam messages found in the ‘Inbox’ folder can be reported using the ‘Report Message’ feature in Outlook

What is phishing email?

Phishing is a form of social engineering.  Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization.  For example, a threat actor may send email seemingly from the University that requests a user’s username and password or other personal information, often suggesting that there is a problem with a user’s account.  When users respond and provide their information, threat actors can use it to gain access to the user’s account.

The University will never ask for your password to your NetID through email, even during a password reset.  If you receive an email asking for your password, sensitive information, or personally identifiable information and you suspect that it is fraudulent, check the Phish Bowl for examples of phishing email and to see if the email has been reported to the  ISPO.  Phishing email found in the ‘Inbox’ folder can be reported using the ‘Report Message’ feature in Outlook.

What do I do when I get spam email?

  1. Do not reply to the sender
  2. Use the 'Report Message' feature in Outlook to report the email

What do I do when I get phishing email?

  1. Do not reply to the sender
  2. Use the 'Report Message' feature in Outlook to report the email

Other

I didn't find the answer I was looking for, who do I contact for more information?

Please send your questions to security@unm.edu
To properly track your Information Request, a ticket will be opened on your behalf.  In such an occurrence, all follow-up communication and correspondence will be handled through the address help@unm.edu

Report an Incident

If you suspect that your NetID (i.e. LoboMail account) or a computer have been compromised and you need to know what to do, please see our FAQ

Abuse Report Form

- or -

Report Message: Junk

 - or -

Report Message: Phishing

 - or - 

Help.UNM Self Service

 - or -

UNM EthicsPoint


For more information, visit our Contact Information page