Request Types

Click questions to expand answers.

ISPO Services

The ISPO utilizes self-service intake services using University’s enterprise ticketing system Help.UNM, and phone and in-person intake services from the UNM IT Service Desk, the University's central support organization for IT-related services and computer-related issues. All information security or privacy related events and incidents, and service requests are forwarded to ISPO by Service Desk staff.
  • Privacy, Compliance, and Risk Services
    • Contract Review
    • Data Sharing Agreement Review
    • Institutional Review Board (IRB) Review
    • PCI Compliance
    • Other Privacy, Compliance, and Risk Services
  • Information Security Services
    • Continuous Vulnerability Monitoring
      • Application Access Requests
      • Application Maintenance and Support Requests
    • Event Management
    • Digital Forensics
    • Firewall Change Requests
    • Incident Response Services
      • Information Security Incident Response Services
        • Minor Incidents
        • Major Incident
    • Information Request
    • Operational Intelligence
      • Event Management
      • Event Log Analysis
    • Penetration Testing
      • Network Vulnerability Penetration Test
      • Web Applications Penetration Test
    • Vulnerability Assessment(s)
      • Network Vulnerability Assessment
      • Web Applications Assessments
    • Other Information Security Request
The ISPO utilizes the University’s enterprise service management system Help.UNM and intake services provided by the UNM Information Technologies (UNM IT) Customer Service Desk, the University's central support organization for information technology-related services and computer-related issues.  All information security-related events, incidents, and requests are forwarded to the ISPO by UNM IT Customer Service Desk agents and coordinators.

Please use Help.UNM or call the IT Customer Service Desk at 7-5757 to ensure that your request is opened, tracked, and processed in a timely manner.  Requests submitted via email or channels not monitored by the IT Service Desk staff cannot be processed.

Request Types

Overview

This request type is intended to enable University account users to request access reinstatement for accounts (i.e. NetIDs) that have been disabled due to exceptional circumstances.

Accounts that are temporarily disabled as part of the University’s standard incident response procedure(s) are routinely re-enabled by the UNM IT Customer Service Desk (IT CSD) upon request. In such cases, after an account’s user has established contact and provided the minimum-required information to complete identity verification, IT CSD staff have the ability to re-enable access without the need to submit an Account Access Reinstatement Request.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

The Business Continuity Access Request is provided by the UNM Information Security & Privacy Office (ISPO). This request type is jointly supported by the ISPO Management Team, IT Customer Service Desk (IT CSD), and IT Platforms (Enterprise Managed Systems & Services).

University Policy 2500 permits a manager or supervisor to request temporary access to an employee’s work-related files. Access to enterprise IT systems will be facilitated where there is an immediate need for work-related, non-investigatory purposes (i.e., to retrieve an email or file while the employee who maintains the email or file is away from the office). In the event an employee separates from the University, all work-related files, including but not limited to research data, as well as all records created or stored in any University information system, physical or electronic, remain the property of the University.

University staff who require access to in-scope files shall contact their area's designated IT Officer or Liaison. IT support staff are responsible for assisting requestors with navigating the Business Continuity Access Request process.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable staff in the ISPO’s Privacy, Risk, and Compliance area to request a comprehensive technical assessment of both current and prospective cloud vendors as part of the University’s broader Purchasing Risk Assessment process.

This request type includes a comprehensive technical assessment of a vendor’s cybersecurity program and corresponding controls.

This request type cannot be directly requested.

Overview

This request type is intended to enable University staff in Cybersecurity and IT roles to request access to ISPO-managed cybersecurity applications.

Eligibility for access, maintenance, and support of ISPO-managed cybersecurity applications is determined by the requestor’s role and assigned department or area.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in Cybersecurity roles to request maintenance for ISPO-managed cybersecurity applications.

Eligibility for access, maintenance, and support of ISPO-managed cybersecurity applications is determined by the requestor’s role and assigned department or area.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in Cybersecurity and IT roles to request support for ISPO-managed cybersecurity applications.

Eligibility for access, maintenance, and support of ISPO-managed cybersecurity applications is determined by the requestor’s role and assigned department or area.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in IT roles to request cybersecurity-related advice that pertains to information and communication technologies under the University’s purview.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in IT roles to submit feedback regarding the university’s cybersecurity program and its corresponding program components, cybersecurity standards and guidelines, and the University’s enterprise cybersecurity services and corresponding request types.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in IT roles to request information regarding university policies that cover cybersecurity topics, the university’s cybersecurity program and its corresponding program components, cybersecurity standards and guidelines, and general information about the University’s enterprise cybersecurity services and corresponding request types.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in IT roles to request network access reinstatement for UNM-owned networked devices (or other endpoints) that have been blocked from communicating on the University’s network due to abuse, indicators of compromise, or other activity that negatively impacts the network or the institution’s cybersecurity posture.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in specific roles to submit a request to revoke account access as part of the University’s separation processes. When an individual separates from the University, all access to accounts and information systems must be removed as soon as reasonably possible.

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?

Overview

This request type is intended to enable University staff in IT roles to request an ad-hoc network vulnerability assessment of UNM infrastructure (i.e. buildings and departments).

FAQ

•   Who can submit a request?
•   What information is required to submit this request?
•   What is the cost of this request?
•   Where can I submit this request?
•   When can I submit this request?
•   When will my request be processed?
•   When will my request be fulfilled?
•   How can I submit this request?


Report an Incident

If you suspect that your NetID (i.e. LoboMail account) or a computer have been compromised and you need to know what to do, please see our FAQ

Abuse Report Form

- or -

Report Message: Junk

 - or -

Report Message: Phishing

 - or - 

Help.UNM Self Service

 - or -

UNM EthicsPoint


For more information, visit our Contact Information page