Strategy & governance

Learn about the services provided by the team.

Personalise

UNSW IT Cyber Security help protect our University community as well as inform, educate, and support your understanding of safe online behaviour, practices, and obligations around information security.

Cyber Security Strategy & Governance

Our team

Our Risk Advisory team provides a solution review of UNSW projects integrated with the Portfolio and Project Management Office (PPMO) processes. Our services include a formalised review process incorporating a risk and impact assessment called Cyber Security Risk Assessment (CSRA).

Our Governance and Risk Management team is responsible for the development, delivery, and oversight of University-wide cyber security policies, standards, and procedures. This includes ensuring compliance with policies and standards as well as ongoing cyber security risk management.

2024

June - UNSW Cyber Security Summit hailed a phenomenal success.

May - It's a wrap - Cyber Security Summit a huge success!
Refer to the Summit Program or view this short visual recap.

May - ISO Certification and changes to MyCyberHub (introduction of CyberPolicyHub)

May - Registrations open for Cyber Security Summit - 28 May reminder.

May - Sign up today for UNSW’s Cyber Security Summit - 28 May (includes Summit Program and links to register)

March - Announcing a UNSW Cyber Security Summit for 28 May

Our services

Strategy and Governance services, listed below, are provided via the MyCyberHub portal. If you need help with any of the services, please either submit a general request for cyber security advice or contact the IT Service Centre on for assistance.

Refer to the Cyber Security Policies and Standards webpage.

Refer to the CyberPolicyHub function within the MyCyberHub platform to easily search for Cyber Security Policy and Standards clauses relating to your role.
Raise a cyber security risk, opens in a new window.

Manage a cyber security risk, opens in a new window.

Raise an exemption for policy non-compliance, opens in a new window.

Submit a cyber security risk assessment (CSRA) request, opens in a new window.

Add a new information resource (asset, application, etc.).

Update a new information resource, opens in a new window (asset, application, etc.).

Complete a Gap Assessment, opens in a new window if requested to do so.
Submit an awareness campaign event/talk request, opens in a new window.

Submit a developer security training request, opens in a new window.

Submit a spear phishing campaign request, opens in a new window.

Refer to the Training and awareness information.
Submit a vendor security risk assessment request, opens in a new window.

Submit a vendor security comparison report request, opens in a new window.

Register a new vendor for monitoring, opens in a new window.

Update information about a current vendor, opens in a new window.

Submit a UNSW domain security scan request.
Submit a penetration testing request, opens in a new window.

Submit a static application security/source code testing request, opens in a new window.

Submit a vulnerability scan request, opens in a new window.
Submit a security architecture assessment request, opens in a new window.

Submit a security architecture gap assessment request, opens in a new window.

Submit a security pattern development request, opens in a new window.

Our achievements

UNSW achieves ISO/IEC 27001:2022 certification

In response to the increasing demand for robust and verifiable information security for sensitive research data, in 2024 UNSW achieved the globally recognised ISO/IEC 27001:2022 certification for its Information Security Management System (ISMS). Our achievements.

The ISO/IEC 27001:2022 standard outlines requirements for establishing, implementing, and continuously improving an ISMS within the context of an organisation’s business objectives and risks. By adhering to these requirements, UNSW strengthens its information security risk management framework while enabling continuous improvement and maturity of its cyber security practices.

The certification applies to information security within the provision, operational management, and support of IT systems for the following in-scope services:

O365 email and Azure storage services (Outlook, OneDrive, SharePoint, and Teams).
UNSW Research data archive.
Storage services provided by UNSW shared drives.
Secure Email Gateway services.
UNSW IT managed endpoints.

The certification applies to the above in-scope services managed from UNSW's main campus in Kensington, Sydney, as well as UNSW Canberra at the Australian Defence Force Academy.

Download Certificate

The ISO/IEC 27001:2022 standard outlines requirements for establishing, implementing, and continuously improving an ISMS within the context of an organisation’s business objectives and risks.

By adhering to these requirements, UNSW strengthens its information security risk management framework while enabling continuous improvement and maturity of its cyber security practices.
This certification underscores UNSW’s commitment to robust cyber security risk management standards, directly supporting eligibility for research grants by ensuring compliance with stringent requirements set by research sponsors. It also fosters customer and partner trust and enables growth in Student Experience, Lifelong Learning and Societal Impact.

Driving Innovation and collaboration

The certification also contributes to UNSW innovation and engagement through expanded partnerships and knowledge exchange. Through this achievement, UNSW reinforces its position as an Australian education sector leader in cyber security, demonstrating its ability to:

Safeguard critical systems and data.

Support academic excellence and research innovation.

Deliver meaningful societal impact.

For more information about the certification and its benefits, please email us.
An ISMS is a structured framework designed to safeguard an organisation's valuable information assets. It involves coordinating processes, technology, and resources to manage the risks associated with information security effectively.

The University's ISMS encompasses the protection of information stored within it and the operational management of research storage services to ensure the confidentiality, integrity, and availability of this information. It is designed to comply with the ISO/IEC 27001:2022 standard and is committed to providing a secure environment for research and defense-related activities.
All individuals (employees, contractors, suppliers, and other third parties) using and managing UNSW information are responsible for:

Complying with the ISMS together with any supporting policies, standards, and procedures.

Complying with all established security controls.

Reporting security breaches and taking necessary corrective actions.

Using information assets only as authorised and intended by the System Owner.

Completing (where appropriate) the Cyber Security Awareness training as required.

Reporting cyber incidents

It is important to report any cyber security incidents as quickly as possible so that the UNSW IT Cyber Security team can address any issues and mitigate risk exposure.

Incidents that staff and students should report:

Suspecting your computer or account has been compromised.
Having evidence on how technology or University data may be vulnerable.
Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
Losing a University asset containing sensitive information.

Report an incident

Contact the IT Service Centre for urgent matters or use the button above to report an incident.

Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect our University from cyber security threats and keep data safe.

"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."

Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney

Strategy & governance

Cyber Security Strategy & Governance

Our team

2024

Our services

Governance policy management and compliance services

Security risk assessment and management services

Cyber security awareness services

Vendor security services

Security testing services

Enterprise security architecture services

Our achievements

UNSW achieves ISO/IEC 27001:2022 certification

Reporting cyber incidents

Contact the IT Service Centre for urgent matters or use the button above to report an incident.

Leave your feedback

Follow

Strategy & governance

Cyber Security Strategy & Governance

Our team

2024

Our services

Governance policy management and compliance services

Security risk assessment and management services

Cyber security awareness services

Vendor security services

Security testing services

Enterprise security architecture services

Our achievements

UNSW achieves ISO/IEC 27001:2022 certification

Reporting cyber incidents

Contact the IT Service Centre for urgent matters or use the button above to report an incident.