What’s new with UNSW cyber security this April

03 Apr 2023
Person typing on a keyboard

Find out what you need to know and what we’re doing to keep the University secure.

Cyber security is everyone’s responsibility. Here’s an update on User Access Review, awareness training, endpoint security, policy framework and network hardening.

User Access Review is underway for 2023

Last year, UNSW Sydney introduced a formal User Access Review (UAR), analysing 21 critical applications and revoking access where redundant.

The Cyber Security Standard, Identity and Access Management, requires all access to University IT services to be authorised, restricted based on need, and to be periodically verified. Without these periodic reviews, the University is at risk of unauthorised access, fraudulent activity, or confidentiality and privacy breaches.

Cyber security

 

This year, the UAR will target approximately 50 of our most critical systems.

Business Owners of in-scope applications will be contacted starting early April to begin the UAR process which encompasses data collection/analysis, review, remediation and reporting.

Managers of staff who have access to the in-scope applications, will be contacted starting early June and asked to review accesses to ensure currency and appropriateness. 

A new easy-to-use MyUAR tool will be used by Business Owners and managers to complete the review. Weekly Drop-In (Teams) sessions will also be available for those who need additional support or have questions.

Staff using any of the in-scope systems have no action as part of the UAR. Any questions about access should be directed to your manager. Additional or new access requests should follow existing processes.

Look out for communications and instructions from the Cyber Security UAR mailbox: cybersecurity-UAR@unsw.edu.au.

New Cyber Security Awareness eLearning module for staff

By learning a few simple steps and following guidelines, you can protect yourself and the University from cyber security threats and keep data safe.

From May 2023, the University will introduce a new Cyber Security Awareness eLearning module that will be mandatory for all staff. The module will help you improve your awareness of cyber security threats and develop good cyber-savvy behaviours to protect yourself and the University.

Please take a moment to watch this video and hear from our Vice-Chancellor on the importance of staff completing this module when it becomes available.

Improving endpoint security

Updated security policies for staff devices have been successfully deployed to early adopters for both Windows and Mac devices. These policies will be implemented on all UNSW IT-managed devices across the University during April. 

To ensure you have the latest security policies applied to your University device, please connect it to the UNSW network and run any security updates presented. If you are working from home, simply connect your University device to the VPN.

Look out for emails and information from the Cyber Security Resilience Program mailbox: cybersecurityresilienceprogram@unsw.edu.au.

Policy Framework

Our Cyber Security Policies and Standards reflect the University’s cyber security risk management objectives.

In implementing the framework, UNSW is currently conducting system inventory validation and discovery work with Business Owners and Technical Owners to identify systems, classify data and establish cyber risk ratings. Once the validation and discovery work is completed, the team will identify gaps in compliance to the Policy Framework and work with owners to development remediation plans.

Network hardening

We are reaching out to Technical Owners of IT services to clarify current network firewall rules in place. This will allow us to improve rules to better safeguard our University network.

Cyber security


Learn more about the Cyber Security Resilience Program and its various projects, or stay in touch via the program Yammer channel.  
 
All UNSW Cyber Security information is available on the MyIT hub. 
 

Comments