Frequently asked questions

Can I connect my personal device to the UWA network?

You can use a personal device to access many UWA services (Wi-Fi, online applications, etc.). The Acceptable Use of IT Policy sets out expectations regarding how a device may or may not be used. We also recommend that you view our guides on protecting your device and protect your digital self.
Can I access UWA services remotely?

Many UWA services can be accessed remotely, providing staff with flexible working options.
I need to install an application that is blocked by UWA. How can I proceed?

The protections in place on UWA-managed devices prevent the installation of third-party applications. Exceptions can be sought through the local administrative rights process.
I need to access online material that is blocked by UWA. How can I proceed?

All UWA networks block ‘regulated digital content’: online material that is illegal or otherwise interferes with university values. If you attempt to access content of this nature you will be presented with an in-browser message advising of these restrictions.

Given the breadth of the University’s learning, teaching, and research needs, you may need to access regulated content for legitimate purposes. To do so, please follow the request guidelines.
I am working with external collaborators and want them to be able to access UWA systems or services. How can I arrange this?

The digital guest access process allows staff to sponsor external collaborators, providing them with access to Microsoft Teams and SharePoint resources without needing a full-fledged UWA staff account.

For all other purposes (e.g. contractors, vendor support accounts, etc.) please contact the IT Service Desk.
I have reported a cyber security incident. Is there anything else I need to do?

Your report will be tracked by our team, and we will be in direct contact if additional information is required. You will then receive any further updates (again via direct contact or email) until the incident is resolved.
What is the difference between a cyber security event and a cyber security incident? Do I need to report both?

The definitions for a cyber security event and incident are laid out in the Cyber Security Policy. Broadly, a cyber security event is a precursor to a possible cyber security incident; in other words, cause and effect. The UWA Cyber team monitor and analyse hundreds of events daily, though only a minority of those become a fully-fledged incident.

If you think you may have clicked a suspicious link or have reason to suspect that UWA’s systems or data has been exposed please contact the IT Service Desk as soon as you can.
I want to be able to protect myself against cyber threats. Where should I start?

The Cyber Security Education Platform provides staff with training modules that can quickly get you up to speed on how to protect yourself, your data, and the University as a whole.
What is the Cyber Security Management Framework?

At the heart of our cyber security efforts is the mission to enable users of the University’s IT assets and services, our students, staff or third parties, to do their business and achieve their goals in a secure manner. In turn, everyone must be aware of their security responsibilities and the role we all play in maintaining security.

The Cyber Security Management Framework consists of Policies, Standards and Guidelines to inform the University Community on what they must follow when using UWA IT systems and services. Other UWA Policies and Glossary of terms are published in the UWA Policy Library.
What is a cyber security risk?

Cyber security risk is a type of business risk that refers to any exposure to financial loss, disruption or damage to the reputation of an organisation due to a cyber-attack, data breach or other failure of information resources. UWA identifies, assesses and manages cyber security risks according to the University Risk Policy.

Requirements defined in the University’s security policies, guidelines and Cybersecurity Controls Catalogue and Toolkit[ are designed to prevent, detect or mitigate cyber risks to UWA’s students, staff, information and reputation. Any non-compliance with cyber security requirements exposes the University to cyber risks and therefore must be reported to the Cyber Security team to enable appropriate management of the risk.
What is a Cyber Security Risk Rating and how is it calculated?

A Cyber Security Risk Rating is defined as a numeric value representing the confidentiality, availability and integrity requirements of an Information Resource (e.g. an IT system, IT service, laptop, portable hard-drive, data sets, etc.).

Still have questions? We’re here to assist you in protecting yourself and the University from cyber-attacks, whatever form they take. Our services include providing cyber security training, consulting assistance when implementing new services or changing existing systems and monitoring and responding to cyber threats.

The University uses this rating as an indicator of the potential negative consequences should a cyber-attack compromised the resource. The higher the risk rating the greater the potential loss and consequently the more critical it is for security measures to be in place.

Information resources with “High” cyber risk rating (i.e. a score of 10, 11 or 12) are considered cyber critical and required to comply with enhanced security measures. Business Systems Owners of “High” cyber risk rated resources also have additional responsibilities as defined in the Cyber Security Policy (section 5 - Cyber Security Roles and Responsibilities)

Using the below table, the cyber risk rating can easily be established by determining the appropriate score for availability, integrity and confidentiality needs of the resource and summing the three scores up. (if multiple levels are applicable, select the highest score)

SCORE	AVAILABILITY¹	INTEGRITY²	CONFIDENTIALITY³
0	Not time critical	Loss of integrity results inLowrated consequences	Asset only holds data classified as Public (e.g. course information, published research, marketing materials)
1	RTO >= 1 week	Loss of integrity results inMinorconsequences	Asset generally holds data classified asConfidentialor sporadic more sensitive records (Confidential: proposed courses, internal procedures, general email correspondence)
2	RTO < 1 week	Loss of integrity results in Moderateconsequences (e.g. sporadic academic records, administrative contracts)	Asset holds volumes (>1000 records) of Confidential Restricted data (e.g. PII, exam results, standard contracts and financial records)
3	RTO < 1 day	Loss of integrity results in Majorconsequences (e.g. health records, active defence/restricted research data, volumes of academic records, administrative contracts)	Asset holds volumes (>1000 records) ofHighly Restricted data (e.g. sensitive PII, government ID’s, health records, biometrics, active defence/restricted/animal research, passwords, ethics and data breaches)
4	RTO < 1 hour	Loss of integrity results in Extremeconsequences (e.g. volumes (>1000 records) of health records, active defence/restricted research data)	Asset holds volumes (>1000 records) of Highly Restricted data, including Tax File Numbers (TFN) or Individual Healthcare Identifiers (IHI)accompanied by other PII

¹Availability requirements as defined in UWA Business Impact Assessments

²Consequence scale as defined in UWA Risk Matrix

³Data classification as defined in UWA Information Protection Policy

How do I setup MFA for ESS

Follow the guides to setup Multi-factor authentication (MFA) for Employee Self Service (ESS).

MFA Setup for ESS using Authenticator App

MFA Setup for ESS using an Email

The University of Western Australia

About us

Leadership and governance

Our campus

Working at UWA

Frequently asked questions

The University of Western Australia

How can we help you?

Leadership and governance

Our campus

Working at UWA

Frequently asked questions