Strategy & governance
Learn about the services provided by the team.
UNSW IT Cyber Security help protect our University community as well as inform, educate, and support your understanding of safe online behaviour, practices, and obligations around information security.
Cyber Security Strategy & Governance team
Risk advisory
Our Risk Advisory team provides a solution review of UNSW projects integrated with the Portfolio and Project Management Office (PPMO) processes. Our services include a formalised review process incorporating a risk and impact assessment called Cyber Security Risk Assessment (CSRA).
Governance and risk management
Our Governance and Risk Management team is responsible for the development, delivery, and oversight of University-wide cyber security policies, standards, and procedures. This includes ensuring compliance with policies and standards as well as ongoing cyber security risk management.
Strategy & governance services
Strategy & governance services, listed below, are provided via the MyCyberHub portal. If you need help with any of the services, please either submit a general request for cyber security advice or contact the IT Service Centre on 02 9385 1333 for assistance.
-
Governance policy management and compliance services:
- Refer to the Cyber Security Policies and Standards webpage.
- Refer to the CyberPolicyHub function within the MyCyberHub platform to easily search for Cyber Security Policy and Standards clauses relating to your role.
-
Security risk assessment and management services:
Submit a general request for cyber security advice via the MyCyberHub platform.
The following services all reside in the MyCyberHub platform:
- Raise a cyber security risk.
- Manage a cyber security risk.
- Raise an exemption for policy non-compliance.
- Submit a cyber security risk assessment (CSRA) request.
- Add a new information resource (asset, application, etc.).
- Update a new information resource (asset, application, etc.).
- Complete a Gap Assessment if requested to do so.
-
Cyber security awareness services:
The following services all reside in the MyCyberHub platform:
- Submit an awareness campaign event/talk request.
- Submit a developer security training request.
- Submit a spear phishing campaign request.
- Refer to the Training and awareness information.
-
Vendor security services:
The following services all reside in the MyCyberHub platform:
- Submit a vendor security risk assessment request.
- Submit a vendor security comparison report request.
- Register a new vendor for monitoring.
- Update information about a current vendor.
- Submit a UNSW domain security scan request.
-
Security testing services:
The following services all reside in the MyCyberHub platform:
- Submit a penetration testing request.
- Submit a static application security/source code testing request.
- Submit a vulnerability scan request.
-
Enterprise security architecture services:
The following services all reside in the MyCyberHub platform:
- Submit a security architecture assessment request.
- Submit a security architecture gap assessment request.
- Submit a security pattern development request.
More information
-
ISO27001 is a globally recognised standard focusing on managing the confidentiality, integrity, and availability of information and systems.
What are the benefits of ISO27001 certification?
Achieving the globally recognised certification for information security will allow the University to demonstrate to our partners that it has a mature information security governance and risk management practice.
What is the Information Security Management System (ISMS)?
An ISMS is a structured framework designed to safeguard an organisation's valuable information assets. It involves coordinating processes, technology, and resources to manage the risks associated with information security effectively.
The University's ISMS encompasses the protection of information stored within it and the operational management of research storage services to ensure the confidentiality, integrity, and availability of this information. It is designed to comply with the ISO/IEC 27001:2022 standard and is committed to providing a secure environment for research and defense-related activities.
Who is part of the ISMS and what are their responsibilities?
All individuals (employees, contractors, suppliers and other third parties) using and managing UNSW information are responsible for:
- Complying with the ISMS together with any supporting policies, standards, and procedures.
- Complying with all established security controls.
- Reporting security breaches and taking necessary corrective actions.
- Using information assets only as authorised and intended by the System Owner.
- Completing (where appropriate) the Cyber Security Awareness training as required.
-
2024
- June - UNSW Cyber Security Summit hailed a phenomenal success.
- May - It's a wrap - Cyber Security Summit a huge success!
Refer to the Summit Program or view this short visual recap. - May - ISO Certification and changes to MyCyberHub (introduction of CyberPolicyHub)
- May - Registrations open for Cyber Security Summit - 28 May reminder.
- May - Sign up today for UNSW’s Cyber Security Summit - 28 May (includes Summit Program and links to register)
- March - Announcing a UNSW Cyber Security Summit for 28 May
Reporting cyber incidents
It is important to report any cyber security incidents as quickly as possible so that UNSW IT’s Cyber Security team can address any issues and mitigate risk exposure.
What should I report?
- Suspecting your computer or account has been compromised.
- Having evidence on how technology or University data may be vulnerable.
- Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
- Losing a University asset containing sensitive information.
Report a cyber security incident by calling the UNSW IT Service Centre on 02 9385 1333 or using the link below.
Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect ourselves and our University from cyber security threats and keep data safe. Go to Cyber Security Training and Awareness for more information.
"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."
Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney