Exception requests should be submitted when adherence to a USNH Cybersecurity Standard or Policy is not possible for technical reasons. Examples of exception requests include but are not limited to a blocked website, a device that cannot be upgraded due to specialized instrumentation software, a required security tool is not supported by an OS or application, a legacy operating system is required for educational purposes, or a lab environment requires modified security controls.
Exception requests are reviewed on a case-by-case basis, so it is important to provide as much information as possible to support your request, including a description of the compensating controls that will provide protection. Approved exceptions are assigned an expiration date within 30, 60, or 90 days to allow time for developing a solution. If a solution cannot be determined or implemented within the timeframe, then the risk exception may move into the process for risk acceptance.
The Cybersecurity Operations team is available to assist in responding to and investigating events and incidents that may have information security implications (e.g. Red Flag, Compromised Account, Unauthorized Access, etc.)
Request Cybersecurity training for staff or faculty members.
The Cybersecurity team provides leadership in establishing technology, policies, standards and practices to enhance information security for USNH.
Request access to One Leavitt Lane or report issues with existing access.
Video cameras that are installed at the University of New Hampshire for safety and law enforcement purposes and video data from such cameras must comply with the Public Safety Video Camera System (PSVCS) standard.
Messages quarantined as High Confidence Phishing by Microsoft have met specific conditions; whether it’s suspicious message composition commonly seen in phishing messages, inclusion of suspicious or malicious links or attachments, or even poor sender reputation. Once quarantined as High Confidence Phishing, the message must be reviewed by USNH CyberOps to ensure it presents no real threat to USNH IT Systems and the community prior to its release.
An IT risk assessment is a thorough look at your IT system to identify software, hardware, situations, processes, etc. that may cause harm to your system. After identification is made, an analysis and evaluation is conducted to see how likely and severe the risk is. When this determination is made, a further investigation is conducted to decide what measures should be in place to effectively eliminate or control the harm from happening. Request a Risk Assessment of an USNH IT system if you suspect it may be at risk.
Technology Vendors who may be contracted to provide IT services to The University System of New Hampshire or USNH institutions must demonstrate compliance with applicable USNH policies and/or regulatory standards by completing a Security Assessment Review.
All use of USNH institutional information must be approved by the appropriate data steward including use of institutional data housed in one system or application that will be uploaded/sent/feed into another system or application. The Data Access Request process facilitates requesting, approving, and tracking requests for access to and use of data.
Leveraging the Acunetix Web Vulnerability Scanner (WVS), Enterprise Technology & Services allows application developers to request scans of their development sites before rolling into production to determine if any vulnerabilities exist.