Reply To: Security Assessment SLA



Is this in affect since 9/1/2015?

Impact is not being considered when vulnerabilities are identified and services are blocked.

2 – Pricing be noted here in SLA.   Can the link be more specific instead of:

2.1 – Link to “Information Security Incident Response MOU.”  ?

3.2 – For “scope of the assessment” – should be Data Custodian since Data Owners and Stewards are defined:  ?

3.2 – “Utilize UNM IT Service Desk for requests and incidents” – what are examples of incidents? Do we need incidents?

4.2 – Would that be what is mentioned in 4.1 (for periods of planned maintenance, institutional closures, or as otherwise negotiated in writing.)?

6.1. – Given an incident can arise from 2.1 (see: “Any vulnerability assessment”) – costs should be stated and what items are charged for. When costs are unknown and uncapped, why would a Department participate in a security assessment?