ÌÇÐÄlogo
MyIT

Strategy & governance

Learn about the services provided by the team.

Policies & standards
Personalise
Cybersecurity and privacy concepts to protect data. Lock icon and internet network security technology. Businessmen protecting personal data on tablets and virtual interfaces.

ÌÇÐÄlogo IT Cyber Security help protect our University community as well as inform, educate, and support your understanding of safe online behaviour, practices, and obligations around information security.

Cyber Security Strategy & Governance team

Risk advisory

Our Risk Advisory team provides a solution review of ÌÇÐÄlogo projects integrated with the Portfolio and Project Management Office (PPMO) processes. Our services include a formalised review process incorporating a risk and impact assessment called Cyber Security Risk Assessment (CSRA).

Governance and risk management

Our Governance and Risk Management team is responsible for the development, delivery, and oversight of University-wide cyber security policies, standards, and procedures. This includes ensuring compliance with policies and standards as well as ongoing cyber security risk management.

Strategy & governance services

Strategy & governance services, listed below, are provided via theÌýÌýportal. If you need help with any of the services, please either submit a general request forÌýÌýor contact the IT Service Centre on 02 9385 1333 for assistance.
  • Governance policy management and compliance services:
    Ìý
    • Refer to theÌýÌýwebpage.
    • Refer to theÌýÌýfunction within the MyCyberHub platform toÌýÌýfor Cyber Security Policy and Standards clauses relating to your role.

  • Security risk assessment and management services:

    Submit a general request forÌýÌývia theÌýÌýplatform.

    The following services all reside in theÌýÌýplatform:

    • Raise aÌý.
    • Manage aÌý.
    • Raise anÌý.Ìý
    • Submit aÌý.
    • Add aÌýÌý(asset, application, etc.).
    • UpdateÌýÌý(asset, application, etc.).
    • Complete aÌýÌýif requested to do so.

  • Cyber security awareness services:

    The following services all reside in theÌýÌýplatform:

    • Submit anÌý.
    • Submit aÌý.
    • Submit aÌý.
    • Refer to theÌý.

  • Vendor security services:

    The following services all reside in theÌýÌýplatform:

    • Submit aÌý.
    • Submit aÌý.
    • Register aÌý.
    • UpdateÌý.
    • Submit aÌý.Ìý

  • Security testing services:

    The following services all reside in theÌýÌýplatform:

    • Submit aÌý.
    • Submit aÌý.
    • Submit aÌý.

  • Enterprise security architecture services:

    The following services all reside in theÌýÌýplatform:

    • Submit aÌý.
    • Submit aÌý.
    • Submit aÌý.

More information

  • In response to the increasing demand for robust and verifiable information security for sensitive research data, ÌÇÐÄlogo has achieved the globally recognised ISO/IEC 27001:2022 certification for its Information Security Management System (ISMS).

    What is ISO/IEC 27001:2022?

    The ISO/IEC 27001:2022 standard outlines requirements for establishing, implementing, and continuously improving an ISMS within the context of an organisation’s business objectives and risks.

    By adhering to these requirements, ÌÇÐÄlogo strengthens its information security risk management framework while enabling continuous improvement and maturity of its cyber security practices.

    Scope of certification

    The certification applies to information security within the provision, operational management, and support of IT systems for the following in-scope services:

    • O365 email and Azure storage services (Outlook, OneDrive, SharePoint, and Teams)
    • ÌÇÐÄlogo Research data archive
    • Storage services provided by ÌÇÐÄlogo shared drives
    • Secure Email Gateway services
    • ÌÇÐÄlogo IT managed endpoints.

    The certification applies to the above in-scope services managed from ÌÇÐÄlogo’s main campus in Kensington, Sydney, as well as ÌÇÐÄlogo Canberra at the Australian Defence Force Academy.

    Supporting research and building trust

    This certification underscores ÌÇÐÄlogo’s commitment to robust cyber security risk management standards, directly supporting eligibility for research grants by ensuring compliance with stringent requirements set by research sponsors.

    It also fosters customer and partner trust and enables growth in Student Experience, Lifelong Learning and Societal Impact.

    Driving Innovation and collaboration

    The certification also contributes to ÌÇÐÄlogo innovation and engagement through expanded partnerships and knowledge exchange.

    Through this achievement, ÌÇÐÄlogo reinforces its position as an Australian education sector leader in cyber security, demonstrating its ability to:

    • Safeguard critical systems and data.
    • Support academic excellence and research innovation.
    • Deliver meaningful societal impact.

    For more information about the certification and its benefits, please contact:Ìýcybersecurityawareness@unsw.edu.au

    What is the Information Security Management System (ISMS)?

    An ISMS is a structured framework designed to safeguard an organisation's valuable information assets. It involves coordinating processes, technology, and resources to manage the risks associated with information security effectively.Ìý

    The University's ISMS encompasses the protection of information stored within it and the operational management of research storage services to ensure the confidentiality, integrity, and availability of this information. It is designed to comply with the ISO/IEC 27001:2022 standard and is committed to providing a secure environment for research and defense-related activities.
    Ìý

    Who is part of the ISMS and what are their responsibilities?

    All individuals (employees, contractors, suppliers and other third parties) using and managing ÌÇÐÄlogo information are responsible for:

    • Complying with the ISMS together with any supporting policies, standards, and procedures.
    • Complying with all established security controls.
    • Reporting security breaches and taking necessary corrective actions.
    • Using information assets only as authorised and intended by the System Owner.
    • Completing (where appropriate) theÌýÌýtraining as required.
      Ìý
  • 2024
    • June -Ìý.
    • May -ÌýÌý
      Refer to theÌýÌýor view thisÌý.
    • May -ÌýÌý(introduction of CyberPolicyHub)
    • May -ÌýÌýreminder.
    • May -ÌýÌý(includesÌýÌýand links to register)
    • March -Ìý

Reporting cyber incidents

It is important to report any cyber security incidents as quickly as possible so that ÌÇÐÄlogo IT’s Cyber Security team can address any issues and mitigate risk exposure.

What should I report?

  • Suspecting your computer or account has been compromised.
  • Having evidence on how technology or University data may be vulnerable.
  • Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
  • Losing a University asset containing sensitive information.

Report a cyber security incident by calling the ÌÇÐÄlogo IT Service Centre on 02 9385 1333 or using the link below.

Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect ourselves and our University from cyber security threats and keep data safe. Go to Cyber Security Training and AwarenessÌýfor more information.
Ìý

"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."Ìý

Professor Attila Brungs, Vice-Chancellor and President, ÌÇÐÄlogo Sydney