UNSW is advancing our cyber security

13 Nov 2023
A white jigsaw puzzle in progress with pieces reading Cyber Awareness, IT Asset Inventory, Password Reset and more

Learn how this will affect you and how you can contribute to our cyber safety. 

UNSW’s Cyber Security Resilience Program continues to build and improve our cyber security and will be introducing cyber security awareness training, upgrading the University’s password requirements, and improving our risk management processes and related policies. 

Launch of mandatory Cyber Security Awareness training 

The UNSW Cyber Security Awareness module website

The University is launching our new Cyber Security Awareness training module in late November. This mandatory learning requirement for all UNSW staff will help us combat the increasing risks and threats to the University’s data resources.

As valued members of the University community, we each play a role in improving cyber security. By learning a few simple steps and better understanding the University’s guidelines, we can keep our data safe and protect both ourselves and the University from cyber security threats.

All UNSW staff with an active zID account must complete the training. You will be automatically enrolled and will receive email communication with directions to complete the module, available in Moodle. 

Please take a moment to watch this short video from our Vice-Chancellor and President, Professor Attila Brungs.  

Visit the Cyber Security training and awareness website for more information or contact cybersecurityawareness@unsw.edu.au.    

Changes to UNSW passwords to be rolled out from January  

UNSW is strengthening our password standards to align with recognised best practice to better protect university data and systems.

An open notebook with handwritten words. The words "Create a password that is" above asterisks and the words "lon9", "unpredict@ble" and "uniQue".

Just to put everyone on the same page, the zID password as you know it is typically composed of a minimum of 8 letters, numbers or symbols, or a combination of these. Longer passwords, also known as passphrases, can be a string of words (including numbers and symbols) which are unpredictable and unique, making them more difficult for cybercriminals to crack.
 
Starting from January, all staff and students with an active zID will be asked to change to a longer password/passphrase with a minimum of 14 letters, numbers or symbols, or a combination of these. When your password is due to expire, you’ll receive a notification email with instructions to adopt this change.

As usual, once you’ve set up your new password, allow 10 minutes for it to take effect and be aware that you may be prompted to multi-factor authenticate across different systems/devices.  

Important: If your due date passes and you have not changed your password, you will not be able to log into UNSW systems and devices. In this event, please use another device to visit iam.unsw.edu.au and use the "I forgot my password" option.

The Identity Manager for Staff and Identity Manager for Students webpages and Identity Manager portal will be updated to reflect these changes.  

Please keep an eye out for an email asking you to "Change your zID password before it expires".

Gap assessments underway as part of UNSW’s Cyber Security Policy Framework 

Thank you to everyone involved in implementing the updated Cyber Security Policy Framework. The Framework, approved by the Vice-Chancellor in December 2022, supports the University in protecting sensitive information within an increasing cyber threat environment.  

The UNSW Cyber Program has been working with business owners and key leaders across the University to identify information resources/services and their owners, document cyber security risk ratings, and understand compliance with UNSW’s Cyber Security Policies and Standards.

A diagram of the UNSW Risk Management Framework

We have recently undertaken a cyber security gap assessment, working with business owners, information service owners and technical subject matter experts. This assessment is being used to establish tactical and strategic actions to address vulnerabilities in our systems and services.  

Gap assessments ensure cyber security risks are appropriately identified, assessed, reported and treated, consistent with the Risk Management Standard and associated laws, regulations, standards and contractual obligations. 

Business Owners are responsible for completing gap assessments and ensuring the cyber security controls are implemented for all UNSW information resources within their area of responsibility, in accordance with the Risk Management Standard requirements.  

Senior Managers, including Deputy Vice-Chancellors, Vice-Presidents, Deans and the Rector UNSW Canberra, are accountable for the annual attestation of compliance with the Cyber Security Risk Management Framework.

Business Owners will soon receive their gap assessment compliance reports, via MyCyberHub, outlining all identified compliance gaps and recommended remediation actions. It’s important that Business Owners read and understand these reports. Closing these gaps will ensure our information resources are compliant with the policy framework and strengthen the University's cyber security.

The UNSW Cyber Security Resilience Program

Refer to the 2023 overview of projects, visit our UNSW IT webpage for all program information or drop us a line and stay in touch via our Viva group channel.   
 
The MyIT website is the home of all UNSW Cyber Security information. 
