Information security policy

What do the information security policies mean for me?

The following information provides a ‘snapshot’ of some of the more significant clauses relevant to students. You should still read and understand the Information Technology Conditions of Use Policy, and the Information Security Policy. These policies can be found in the University’s Policy Library.

IT Conditions of Use Policy

Some of the important clauses included in the IT Conditions of Use Policy are:

  • Clause 11 outlines the types of activities that are forbidden on the University network. The use of peer-to-peer software (e.g. BitTorrent), network anonymisers, hacking tools and cryptocurrency mining software are all forbidden.  A list of other software applications that are also forbidden is maintained in the Service Portal.
  • Section 5 outlines the University’s expectations when using your own device on the University network. The use of personal devices, including tablets and mobile phones on the University network must be done in accordance with the Policy and the BYOD Procedure. This includes:
    • Maintaining up-to-date software
    • Requiring a PIN or password to unlock the device
    • Having anti-virus software installed and up-to-date
    • Making your device available to the University for the purposes of any investigation or to securely wipe sensitive University data.
  • Section 7 of the policy provides detail on how the University monitors the network and ICT environment, and what you need to be aware of.
  • The use of unapproved third-party services to store University data, such as Dropbox, Box, Google Drive, and the use of unapproved cloud platforms to process University information, including Software as a Service (SaaS), are prohibited without prior authorisation.

Information security policy

The Information Security Policy defines some guiding principles that underpin how Information Security should be managed by student of the University. The common thread across these guidelines is the phrase 'All users'. It is important to remember that it is not just the job of Digital Technology Solutions, or Systems Administrators, or Research Technical Officers to protect information. We all play a part in protecting information.

The information we aim to protect is not just digital in nature. It also includes information captured in our spiral-bound paper notepads, the conversations we have with others - even Post-It notes stuck to your monitor. It is everyone's responsibility to play their part to protect the University's information from threats to confidentiality, integrity and availability.

Ways you can help protect University information.

  • All users are responsible for following the relevant policies to contribute towards managing University information securely.
  • A risk-based approach to information security should be adopted by all users to help ensure that all information related risks are managed in a consistent and effective manner.
  • All users are to assist with the protection of sensitive University data and information to prevent disclosure to unauthorised individuals.
  • All users must comply with relevant legal and regulatory requirements.
  • All users are to use or apply approved security solutions and services, where possible, to avoid the creation of disparate IT Security controls.

In addition to the guiding principles in the Information Security Policy, there are eight supporting Standards, Guidelines and Procedures aligning to key Information Security domains that provide direction on how to manage Information securely.

These are: