Strategy & governance
UNSW IT Cyber Security help protect our University community as well as inform, educate, and support your understanding of safe online behaviour, practices, and obligations around information security.
Cyber Security Strategy & Governance
Our team
Our Risk Advisory team provides a solution review of UNSW projects integrated with the Portfolio and Project Management Office (PPMO) processes. Our services include a formalised review process incorporating a risk and impact assessment called Cyber Security Risk Assessment (CSRA).
Our Governance and Risk Management team is responsible for the development, delivery, and oversight of University-wide cyber security policies, standards, and procedures. This includes ensuring compliance with policies and standards as well as ongoing cyber security risk management.
-
2025
- August - You can protect yourself against phishing threats
- July - Self-manage suspicius emails with a new AI capability
- May - Complete our new mandatory training module, Security@UNSW
- May - UNSW Cyber Security receives national prize for leadership and impact
2024
- June - UNSW Cyber Security Summit hailed a phenomenal success.
- May - It's a wrap - Cyber Security Summit a huge success!
Refer to the Summit Program or view this short visual recap. - May - ISO Certification and changes to MyCyberHub (introduction of CyberPolicyHub)
- March - Announcing a UNSW Cyber Security Summit for 28 May
Our services
Strategy and Governance services, listed below, are provided via the MyCyberHub portal. If you need help with any of the services, please either submit a general request for cyber security advice or contact the IT Service Centre on for assistance.
-
- Refer to the Cyber Security Policies and Standards webpage.
- Refer to the CyberPolicyHub function within the MyCyberHub platform to easily search for Cyber Security Policy and Standards clauses relating to your role.
-
- Raise a cyber security risk.
- Manage a cyber security risk.
- Raise an exemption for policy non-compliance.
- Submit a cyber security risk assessment (CSRA) request.
- Add a new information resource (asset, application, etc.).
- Update a new information resource (asset, application, etc.).
- Complete a Gap Assessment if requested to do so.
-
- Submit an awareness campaign event/talk request.
- Submit a developer security training request.
- Submit a spear phishing campaign request.
- Refer to the Training and awareness information.
-
- Submit a vendor security risk assessment request.
- Submit a vendor security comparison report request.
- Register a new vendor for monitoring.
- Update information about a current vendor.
- Submit a UNSW domain security scan request.
-
- Submit a penetration testing request.
- Submit a static application security/source code testing request.
- Submit a vulnerability scan request.
-
- Submit a security architecture assessment request.
- Submit a security architecture gap assessment request.
- Submit a security pattern development request.
Reporting cyber incidents
It is important to report any cyber security incidents as quickly as possible so that the UNSW IT Cyber Security team can address any issues and mitigate risk exposure.
Incidents that staff and students should report:
- Suspecting your computer or account has been compromised.
- Having evidence on how technology or University data may be vulnerable.
- Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
- Losing a University asset containing sensitive information.
Contact the IT Service Centre for urgent matters or use the button above to report an incident.
Cyber security is everyone’s responsibility and by learning a few rules, simple steps, and following guidelines, we can protect our University from cyber security threats and keep data safe.
"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."
Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney