Frequently asked questions
-
Why does UWA have a Cyber Security Policy?
UWA has a Cyber Security Policy to ensure that systems, data and services are protected in a consistent and risk-based way.
It helps safeguard personal information, research data and University systems while supporting teaching, learning and research activities
-
What are my responsibilities under the Cyber Security Policy?
Cyber security is a shared responsibility across the University. What this means for you depends on your role, but everyone has a part to play in protecting UWA’s systems and information.
All users (students, staff and affiliates)
If you use UWA systems or access University data, you are expected to:
- Protect your accounts, passwords and devices
- Use systems responsibly and in line with University policies
- Be alert to phishing, scams and suspicious activity
- Report cyber security incidents or concerns promptly
Staff (including supervisors and managers)
In addition to the above, staff are expected to:
- Ensure cyber security requirements are considered in their day-to-day work
- Support compliance within their teams
- Encourage and reinforce good security practices
- Ensure staff complete required cyber security training
Business System Owners
Business System Owners are responsible for:
- Ensuring the information within their system is appropriately protected
- Understanding the sensitivity and risk associated with that information
- Ensuring appropriate access is assigned and regularly reviewed
- Working with IT and Cyber teams to manage risks and issues
Technical System Owners
Technical System Owners are responsible for:
- Implementing and maintaining appropriate security controls
- Ensuring systems are securely configured, updated and monitored
- Managing vulnerabilities and addressing security issues
- Supporting incident response and recovery activities
-
What is meant by a “risk-based” approach to cyber security?
A risk-based approach means that:
- Systems and data are assessed based on their importance and sensitivity
- Security controls are applied based on the level of risk
This ensures the right level of protection is applied where it matters most.
-
What happens if I don’t follow cyber security requirements?
Not following cyber security requirements can:
- Increase the risk of data breaches or system disruptions
- Impact the University’s operations and reputation
Serious or repeated breaches may be managed under relevant University misconduct policies and processes.
-
Can I connect my personal device to the UWA network?
You can use a personal device to access many UWA services (Wi-Fi, online applications, etc.). The Acceptable Use of IT Policy sets out expectations regarding how a device may or may not be used. We also recommend that you view our guides on protecting your device and protect your digital self.
-
Do I need to follow the Cyber Security Policy if I’m using a personal device?
Yes. The Cyber Security Policy applies whenever you access UWA systems or data, including from personal devices.
You are responsible for ensuring your device does not introduce risk to University systems.
-
Can I connect my personal device to the UWA network?
You can use a personal device to access many UWA services (Wi-Fi, online applications, etc.). The Acceptable Use of IT Policy sets out expectations regarding how a device may or may not be used. We also recommend that you view our guides on protecting your device and protect your digital self.
-
Can I access UWA services remotely?
Many UWA services can be accessed remotely, providing staff with flexible working options.
-
I need to access online material that is blocked by UWA. How can I proceed?
All UWA networks block ‘regulated digital content’: online material that is illegal or otherwise interferes with university values. If you attempt to access content of this nature you will be presented with an in-browser message advising of these restrictions.
Given the breadth of the University’s learning, teaching, and research needs, you may need to access regulated content for legitimate purposes. To do so, please follow the request guidelines.
-
I am working with external collaborators and want them to be able to access UWA systems or services. How can I arrange this?
The digital guest access process allows staff to sponsor external collaborators, providing them with access to Microsoft Teams and SharePoint resources without needing a full-fledged UWA staff account.
For all other purposes (e.g. contractors, vendor support accounts, etc.) please contact the IT Service Desk.
-
I have reported a cyber security incident. Is there anything else I need to do?
Your report will be tracked by our team, and we will be in direct contact if additional information is required. You will then receive any further updates (again via direct contact or email) until the incident is resolved. -
What is the difference between a cyber security event and a cyber security incident? Do I need to report both?
The definitions for a cyber security event and incident are laid out in the Cyber Security Policy. Broadly, a cyber security event is a precursor to a possible cyber security incident; in other words, cause and effect. The UWA Cyber team monitor and analyse hundreds of events daily, though only a minority of those become a fully-fledged incident.
If you think you may have clicked a suspicious link or have reason to suspect that UWA’s systems or data has been exposed please contact the IT Service Desk as soon as you can.
-
I want to be able to protect myself against cyber threats. Where should I start?
The Cyber Security Education Platform provides staff with training modules that can quickly get you up to speed on how to protect yourself, your data, and the University as a whole.
-
What is the Cyber Security Management Framework?
At the heart of our cyber security efforts is the mission to enable users of the University’s IT assets and services, our students, staff or third parties, to do their business and achieve their goals in a secure manner. In turn, everyone must be aware of their security responsibilities and the role we all play in maintaining security.
The Cyber Security Management Framework consists of Policies, Standards and Guidelines to inform the University Community on what they must follow when using UWA IT systems and services. Other UWA Policies and Glossary of terms are published in the UWA Policy Library.
-
What is a Cyber Security Risk?
Cyber security risk is a type of business risk that refers to any exposure to financial loss, disruption or damage to the reputation of an organisation due to a cyber-attack, data breach or other failure of information resources. UWA identifies, assesses and manages cyber security risks according to the University Risk Policy.
Requirements defined in the University’s security policies, standards, guidelines and Cybersecurity Controls Catalogue and Toolkit are designed to prevent, detect or mitigate cyber risks to UWA’s students, staff, information and reputation. Any non-compliance with cyber security requirements exposes the University to cyber risks and therefore must be reported to the Cyber Security team to enable appropriate management of the risk.
-
What is a Cyber Security Risk Rating and how is it calculated?A Cyber Security Risk Rating is defined as a numeric value representing the confidentiality, availability and integrity requirements of an Information Resource (e.g. an IT system, IT service, laptop, portable hard-drive, data sets, etc.).
Still have questions? We’re here to assist you in protecting yourself and the University from cyber-attacks, whatever form they take. Our services include providing cyber security training, consulting assistance when implementing new services or changing existing systems and monitoring and responding to cyber threats. Reach out at [email protected] -
How do I setup MFA
Follow the guide to setup Multi-factor authentication (MFA) for Uni ID accounts and Employee Self Service (ESS).