Cyber security operations
UNSW IT Cyber Security helps protect our University community and informs, educates, and supports your understanding of safe online behaviour, practices, and obligations around information security.
The Cyber Security Operations team is comprised of:
Security Engineering team
Our Security Engineering team manages and supports a wide range of security services by leveraging advanced technologies and tools that are monitored in real-time to better detect and respond to emerging threats. Our services include the selection, design, architecture, and management of security tools, and providing support to incidents and investigations. We collaborate with other teams to onboard and integrate security controls ensuring they are monitored and protected.
Computer Security Incident Response team
Our Computer Security Incident Response Team (CSIRT) protects UNSW against cyber-attacks through the implementation of comprehensive 24x7 monitoring, detection, and incident response services. We are responsible for managing the investigation and response to cyber security events and incidents to manage the impact on the University and assist in the restoration and recovery of normal operations. We also provide digital forensics services to investigate and analyse digital evidence and threat intelligence services to proactively track and monitor threat actors targeting our people and infrastructure.
- Cloud security services
- Data loss prevention
- DDoS protection
- Digital forensics
- Email authentication services (DMARC, SPF, DKIM)
- Endpoint protection, Detection, and Response (EDR)
- Incident response
- Intrusion detection and prevention system
- Perimeter firewall
- Privileged Access Management
- Secure email gateway
- Secure remote access
- Secure web gateway
- Security information and event management service
- Threat intelligence management
- Vulnerability management
- Web application firewall
Submit a request for the EDR Service
For installation on your UNSW-owned endpoints such as servers, desktops and laptops not managed by UNSW IT.
The EDR service software provides more advanced threat detection, monitoring, and endpoint remediation capabilities to enhance the protection of our systems. All UNSW IT-managed endpoints have the EDR service installed.
The following conditions apply:
- EDR is not a service for personal devices (BYOD) or for UNSW students.
- EDR can only be installed on UNSW-owned information resources.
- EDR can only be activated on supported Operating Systems.
- EDR has anti-tampering protection and cannot be removed by users. If an uninstall is required, a request will need to be raised to the IT Service Centre and assigned to the Cyber Security Operations team to uninstall the software.
- Once EDR is installed on your endpoint, UNSW IT can apply countermeasures against cyber security threats as required to protect your system and data.
- UNSW IT Cyber Security has the authority to take any necessary action to contain and remediate a compromised endpoint during a security incident, for example network-containing the endpoint, restarting the endpoint, or stopping the process. Note: An exemption request can be made against this point.
Once a request is submitted, a Cyber Security representative will be in touch to progress your request. Requests for the EDR Service will be assessed for suitability by UNSW IT Cyber Security.
Once installed, if a potential threat is detected by the EDR Service, staff may be presented with a pop-up Falcon Notification indicating that the device is protected; generally, no further action is required. If a potential or actual threat is detected, an alert is raised for UNSW IT Cyber Security Operations to manage.
Submit a SIEM onboarding request to onboard your UNSW-owned platforms, applications, or services.
Security Information and Event Management, SIEM for short, is a solution that helps the University detect, analyse, and respond to security threats before they harm operations. Once onboarded to the SIEM, the Security Operations Centre (SOC) will provide 24x7 real-time monitoring, threat detection, and security incident response services for your platforms, applications, or services.
Once a request is submitted, a UNSW IT Cyber Security representative will be in touch to progress your request. Requests for the SIEM service will be assessed for suitability by UNSW IT Cyber Security.
Reporting cyber incidents
It is important to report any cyber security incidents as quickly as possible so that UNSW IT’s Cyber Security team can address any issues and mitigate risk exposure.
What should I report?
- Suspecting your computer or account has been compromised.
- Having evidence on how technology or University data may be vulnerable.
- Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
- Losing a University asset containing sensitive information.
Report a cyber security incident by calling the UNSW IT Service Centre on 02 9385 1333 or using the link below.
Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect ourselves and our University from cyber security threats and keep data safe. Go to Cyber Security Training and Awareness for more information.
"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."
Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney