The Information Security Program establishes a framework for addressing internal and external risk as it applies to the confidentiality, integrity, and availability of information assets with which the University is entrusted. The Program includes four (4) primary components; Awareness Management, Event Management, Incident Management, and Vulnerability Management.
To view the University of New Mexico Information Security Program, click here.
Program ComponentsAs mentioned above, the Information Security Program Components establish specific guidance for the Institution's technical staff (information technology administrators, etc.).
View the University of New Mexico Information Security Program Components:
UNM has adopted comprehensive policies relating to information security, which are incorporated by reference into the Information Security Program. These include:
Acceptable Computer Use, UNM Policy 2500
Computer Security Controls and Access to Sensitive and Protected Information, UNM Policy 2520
Credit Card Processing, UNM Policy 7215
Information Security, UNM Policy 2550
Social Security Numbers, UNM Policy 2030
Departmental Policies are allowed provided they refer to this policy, that they are at least as restrictive as this policy, and that any reporting requirements are enforced.
Phase 1 (Core Program Components)
Vulnerability Management, Implemented January 20th, 2016
Incident Management, Implemented April 26th, 2016
Event Management, Implemented September 1st, 2016
Awareness Management, Implemented February 24th, 2017
UNM Information Security Program V 1.3
Last Revised: October 18, 2013