Information security policy
What do the information security policies mean for me?
The following information provides a ‘snapshot’ of some of the more significant clauses relevant to students. You should still read and understand the Information Technology Conditions of Use Policy, and the Information Security Policy. These policies can be found in the University’s Policy Library.
IT Conditions of Use Policy
Some of the important clauses included in the IT Conditions of Use Policy are:
- Clause 11 outlines the types of activities that are forbidden on the University network. The use of peer-to-peer software (e.g. BitTorrent), network anonymisers, hacking tools and cryptocurrency mining software is forbidden. A list of other software applications that are also forbidden is maintained in the IT service portal.
- Section 5 outlines the University’s expectations when using your own device on the University network. The use of personal devices, including tablets and mobile phones, on the University network must be done in accordance with the Policy and the BYOD Procedure. This includes:
  - Maintaining up-to-date software
  - Requiring a PIN or password to unlock the device
  - Having anti-virus software installed and up-to-date
  - Making your device available to the University for the purposes of any investigation or to securely wipe sensitive University data.
- Section 7 of the policy provides detail on how the University monitors the network and ICT environment, and what you need to be aware of.
- The use of unapproved third-party services to store University data, such as Dropbox, Box, Google Drive, and the use of unapproved cloud platforms to process University information, including Software as a Service (SaaS), are prohibited without prior authorisation.
Information security policy
The Information Security Policy defines some guiding principles that underpin how Information Security should be managed by students of the University. The common thread across these guidelines is the phrase 'All users'. It is important to remember that it is not just the job of IT Services, or Systems Administrators, or Research Technical Officers to protect information. We all play a part in protecting information.
The information we aim to protect is not just digital in nature. It also includes information captured in our spiral-bound paper notepads, the conversations we have with others - even Post-It notes stuck to your monitor. It is everyone's responsibility to play their part to protect the University's information from threats to confidentiality, integrity and availability.
Ways you can help protect University information.
- All users are responsible for following the relevant policies to contribute towards managing University information securely.
- A risk-based approach to information security should be adopted by all users to help ensure that all information-related risks are managed in a consistent and effective manner.
- All users are to assist with the protection of sensitive University data and information to prevent disclosure to unauthorised individuals.
- All users must comply with relevant legal and regulatory requirements.
- All users are to use or apply approved security solutions and services, where possible, to avoid the creation of disparate IT Security controls.
In addition to the guiding principles in the Information Security Policy, there are eight supporting Standards, Guidelines and Procedures aligning to key Information Security domains that provide direction on how to manage Information securely.
- Human Resource Security - Human Resource Information Security Guidelines
- Incident Management - Information Security Incident Management Guidelines
- Asset Management - Information Security Data Classification and Handling Manual
- Telecommunications Security - Information Security Network Security Manual
- Access Control - Information Security Access Control Manual
- Physical & Environmental Security - Information Security Physical and Environmental Security Manual
- Operations Management - Information Security Operations Management Manual & Information Security Patch Management Manual