
Strategy 3: Develop UNM-wide IT security policies, procedures, and practices

Develop UNM-wide IT security policies, procedures, and practices that protect the privacy of the university community, enable appropriate access, and ensure the integrity of information.

The Rationale for this Strategy

Successful implementation of Strategy Three will provide clear IT Security and Privacy frameworks and resources to UNM Service Providers, enabling both centralized and de-centralized Service Providers to comply with Privacy and IT Security regulatory requirements.

These frameworks and resources will reduce the risk of unauthorized data disclosures of information for which UNM is the custodian.

Link to UNM's Mission and EVP's Areas of Strategic Focus

  • At the University, we value excellence in our people, in our programs, in our facilities. We have a responsibility to encourage and develop excellence among our faculty, staff and students. We are committed to be leaders.

Definition of Success

* UNM has an IT Security Office.
* Review of Privacy and IT Security regulatory requirements.
* Periodic review of UNM Policies and Standards to ensure effective compliance with regulatory requirements.
* Confidentiality, integrity and availability of IT services.
* Public trust in IT services and data stewardship.

Conditions Necessary to Achieve Success

A successful Privacy and IT Security program at UNM is dependent upon:

1:  UNM providing appropriate funding and necessary resources to enable the success of The Privacy and IT Security Program.

2:  UNM creating a reporting structure that resolves the risk of conflict of interest between Privacy and IT Security business processes and other UNM business processes.

3:  UNM providing policy review resources to consolidate IT Policies across the University resulting in one Policy framework subject to regular review.

4:  UNM providing resources to create a substantive information taxonomy.

5:  UNM creating an Institution-wide Privacy Policy.

Strategy Owner

Moira Gerety (ITS Computing Services)

Strategy Implementation Team Members

Mike Campbell (Is-Customer Service)
Kathy Guimond (Police Department)
Moira Gerety (ITS Computing Services)
Jeff Gassaway (Office of the CIO)
James Ira Blackshear (Gallup Branch)
Greg Hallstrom (Police Department)
G Christine Chavez (Internal Audit Department)
Donna K. Smith (Risk Management)
Barney Metzner (HS Library and Informatics Ctr)
drex atkinson (ITS Computing Services)

Strategic Initiatives

| Initiative | Description | Owner |
|---|---|---|
| 3A Reduce risks of litigation, lost productivity and goodwill | Develop policies, standards, procedures and plans to enhance security and reduce security risks.... | Jeff Gassaway (Office of the CIO) |
| 3B Protect the privacy of university data | Develop a taxonomy of UNM information assets... | Barney Metzner (HS Library and Informatics Ctr) |
| 3C Enable appropriate access to and integrity of relevant IT resources. | Develop and implement a plan to provide appropriate access to digitized UNM information assets.  This will include integrated strategies and methodologies for Identity Management, unified campus identity, authentication for critical data, antivirus and malware software, among others.... | drex atkinson (ITS Computing Services) |

Measures of Success

First Order Indicators of Success:

1:  A reporting structure for Privacy and for IT Security compliance that resolves potential conflicts of interest between UNM business processes and Privacy and IT Security business processes.

2:  A formal document of Privacy and of IT Security business processes, as well as sufficient staff and associated resources to administer those business processes.

3:  A forum to address UNM-wide business needs in the areas of Privacy and of IT Security.

4:  A taxonomy of UNM information assets.

5:  A policy framework that clearly indicates which kinds of information assets are subject to which security layers, in order to appropriately protect the confidentiality, integrity, and availability of those information assets, so that UNM is able to meet regulatory requirements as they apply.  Furthermore, the design of this framework must include a periodic review process to ensure that these policies continue to appropriately guide UNM decisions as they apply to Privacy and to IT Security.

6:  A framework under which Privacy and IT Security awareness campaigns and trainings can take place, whereby all UNM community members who interact with information assets are exposed to appropriate awareness and training materials.  Furthermore, a successfully implemented framework will include a periodic review process to ensure that these awareness and training materials remain accurate and relevant to Privacy and to IT Security regulatory requirements and best practices.

Second Order Indicators of Success:

1:  Measurements of the effectiveness of educational and training initiatives through pre-initiative and post-initiative surveys.  These measurements will demonstrate the success and value of educational and training initiatives over time.

2:  Measurements of the effectiveness of IT security infrastructure with periodic audits and assessments of information assets and the appropriateness of the security layers applied to those assets.  These measurements will demonstrate the success of the UNM Privacy and IT Security compliance programs over time.

4:  Successful initiatives to help protect the confidentiality, integrity, and availability of information assets for which UNM is the custodian will result in an increased sense of trust in UNM-wide computing services over time.

Anticipated Year One Milestones

Major Resources Required

Analysis of the Cost Versus the Benefit

Potential Funding Streams