Information Security

Program

The Information Security Program establishes a framework for addressing internal and external risk as it applies to the confidentiality, integrity, and availability of information assets with which the University is entrusted.  The Program includes five (5) primary components; Awareness Management, Event Management, Incident Management, Risk Management, and Vulnerability Management.

To view the University of New Mexico Information Security Program, click here.

Program Components

As mentioned above, the Information Security Program Components establish specific guidance for the Institution's technical staff (information technology administrators, etc.).  

View the University of New Mexico Information Security Program Components: 

Relevant Policies

UNM has adopted comprehensive policies relating to information security, which are incorporated by reference into the Information Security Program. These include:

Acceptable Computer Use, UNM Policy 2500
Computer Security Controls and Access to Sensitive and Protected Information, UNM Policy 2520
Credit Card Processing, UNM Policy 7215
Information Security, UNM Policy 2550
Social Security Numbers, UNM Policy 2030

Departmental Policies
Departmental Policies are allowed provided they refer to this policy, that they are at least as restrictive as this policy, and that any reporting requirements are enforced.

Implementation Schedule

Phase 1 (Core Program Components)

Vulnerability Management, Implemented January 20th, 2016

Incident Management, Implemented April 26th, 2016

Event Management, Implemented September 1st, 2016

Awareness Management, Implemented February 24th, 2017

Risk Management, Implemented September 14, 2023

UNM Information Security Program V 2.0
Last Revised: July 12, 2023