Information Security Services

The Information Security & Privacy Office provides the following services to the UNM community free of charge, excluding branch campuses. To request information security and privacy services, please make a request using Help.UNM.

Continuous Vulnerability Monitoring

The Continuous Vulnerability Monitoring Service for Networks (CVMS-N) supports the Vulnerability Management Program, a component of the Information Security Management System (ISMS) a framework for maintaining the University’s Information Security Program.  More information about this service can be found here.

Digital Forensics

The Information Security & Privacy Office (ISPO) offers computer forensics services. ISPO staff can collect and process digital media, computer hard drives, mobile devices, etc. using industry standard methods. These services are designed to augment the capabilities of investigative authorities across the UNM campus.

What ISPO provides:

  • Evidence collection – Certified ISPO staff will collect evidence in a manner that is consistent with industry standard evidence collection techniques and practices.
  • Chain of custody – ISPO staff will provide a chain of custody for evidence detailing who handled each piece of evidence and why it was handled.
  • Evidence integrity – Chain of custody and our procedures ensure that evidence maintains its integrity throughout an investigation. Furthermore, collected evidence is stored in a Department of Defense grade safe behind lock and key.
  • Subject matter expertise, evidence interpretation.
  • Consultation.
  • Facilitation of access to investigative authorities for findings review.
  • Facilitation of third-party forensics services (separate fees may apply).

What ISPO does not provide:

  • General sweeps or searches for policy violation — Determination of the objectives and goals of a forensics case is made by the investigative authority which must be provided at beginning of case, see SLA for customer responsibilities.
  • Criminal case handling. We may collect and store evidence on behalf of UNMPD, however ISPO staff will not process or analyze evidence for criminal activity. At any time during the course of a case, if criminal activity is suspected or discovered by ISPO staff, all activities will be suspended and ISPO staff will collaborate with UNMPD or the Office of University Counsel.

To request this service: Make a request at Help.UNM or contact the ISPO directly.

Endpoint Detection and Response

The Endpoint Detection and Response service supports the Incident Management Program, a component of the Information Security Management System (ISMS) a framework for maintaining the University’s Information Security Program.  More information about this service can be found here.

Implementation Review

The ISPO will review proposed or completed service implementations for their impact on the privacy and security of information with which the University is entrusted. The ISPO will make recommendations to secure services through an information security plan, architecture, or specification, depending upon the complexity of the implementation and the sensitivity of information collected, stored, processed, or transmitted.

To request this service: Make a request at Help.UNM. Please be sure to provide appropriate architecture diagrams and or documentation.

Incident Response

The ISPO will respond to computer security and information security incidents from small to large. The ISPO helps resolve all aspects and impacts of attacks on information systems. Our services include the thorough technical investigation, containment and recovery. See our Incident Management Program to see what your role is and how we define information security incidents.

To report an incident or event you believe might be an incident, see the left sidebar of this site. 

Penetration Testing

The ISPO will use industry-standard tools and techniques to attempt to discover and exploit vulnerabilities in information systems defined in a scope of work.

To request this service: Make a request at Help.UNM. The ISPO will contact you to develop a scope of work.

Security Evaluation

A security evaluation will contain recommendations to mitigate risks and formally transfer ownership of risks to management. This service will include a comprehensive review of the administrative, physical and technical safeguards. The ISPO uses industry standard tools and techniques to provide security evaluation services; these tools and techniques will vary due to the nature of specific evaluations. In addition, UNM policies, procedures, guidelines, specifications, and standards may be provided to assist in addressing issues identified in the evaluation.

To request this service: Make a request at Help.UNM. The ISPO will contact you to develop a scope of work.

Vulnerability Scanning

The ISPO will scan network-connected devices to identify known vulnerabilities in applications and operating system running on servers, workstations, or various other network-connected devices. The ISPO uses industry standard tools and techniques to provide vulnerability scanning services; these tools and techniques will vary due to the nature of specific evaluations. 

To request this service: Make a request at Help.UNM. The ISPO will contact you to develop a scope of work.


Report an Incident

If you suspect that your NetID (i.e. LoboMail account) or a computer have been compromised and you need to know what to do, please see our FAQ

Abuse Report Form

- or -

Report Message: Junk

 - or -

Report Message: Phishing

 - or - 

Help.UNM Self Service

 - or -

UNM EthicsPoint


For more information, visit our Contact Information page