UNM Information Security Program (ISMS). Presented by: Lawrence Alderete, Information Security Analyst II; Michael Burlison, Information Security Analyst III; Jeff Gassaway, Information Security & Privacy Officer; Lucas Walker, Information Security Analyst II
Agenda: Program History; Program Framework; Current Program Components; Forthcoming Program Components; Future Iterations of the ISMS
Definition: ISMS Information Security Management System!
Program History: In the Beginning … CIRT Computer Use Guide; Acceptable Computer Use Policy (2500); Policies 2530 (Remote Electronic Input to the Financial Accounting Systems) 2520 and 2530 Merged into 2520 II (GLBA Program) 2520 III (Computer Security Controls and Access to SPI); ISO 27001, the Framework
Program Framework: ISO 27001 International Standard; Describes ISMS Framework; Planning/Development; Implementation and Operational Management; Effectiveness Assessment; Improvement/Evolution
Current Program Components: Vulnerability Management – 12/15; Incident Management – 4/16
Vulnerability Management
Incident Management: Identify; Contain; Remove; Restore; Review
Forthcoming Program Components: Event Management – 8/16; Awareness Management – 11/16
Future Iterations of the ISMS: Continuous Evaluation; Continuous Improvement
Questions? Help.UNM; security@unm.edu; 277-2497