Welcome to UWA Cyber Security

Cyber Security is a body of technologies, processes and practices designed to protect data and other digital assets from cyber-attacks, damage or unauthorised access.

University data can contain sensitive information such as intellectual property, financial data or personal information that all members of the UWA community have a responsibility to protect.

Our services are available to all members of the UWA community, helping you protect your and the University's data and digital assets.

Cyber Security awareness and training

Providing awareness training, including face-to-face workshops and presentations to staff on cyber security risks and good practices.

The University has introduced cyber awareness training, which must be completed by all staff.

The training equips you to identify and manage fundamental cybersecurity risks. The modules in the cyber awareness training will benefit you to gain cyber knowledge you can use to protect both the University’s data and your personal information.

For more information or to provide feedback, contact [email protected].

Cyber Security consultation services

Assessing the potential security risks and exposures of your project, systems, applications and proposed third-party contracts

Identifying pragmatic safeguards to assist you deliver your goals in a secure manner

Assisting with interpretation and application of security policies and guidelines

Cyber Security incident mitigation and response

Responding to cyber security threats, vulnerabilities and incidents.

Conducting post-incident analyses to identify root causes and determine appropriate mitigating controls.

You may request the above cyber security services through the University IT Service Desk. Call ext. 1234 (+61 8 6488 1234) or email [email protected].

We work closely with the University's Information Governance Services to enable 360° information security. If you would like to know more about information classification and handling, privacy, record keeping and retention, please visit the Information Governance Services website.

Policies and standards

At the heart of our cyber security efforts is the mission to enable users of the University’s IT assets and services, our students, staff or third parties, to do their business and achieve their goals in a secure manner. In turn, everyone has to be aware of certain security responsibilities and the role we all play in maintaining adequate security. Our policies define the principles that the University Community must follow when using UWA IT systems and services.

Acceptable Use of IT Policy

IT assets and services of UWA are shared resources that underpin teaching, learning, research and core business activities. The Acceptable Use of IT Policy details your personal security requirements when using IT to maintain a secure, ethical, productive and reliable IT environment for the benefit of all of us.

Cyber Security Policy

UWA recognises that cyber security is a fundamental enabler of its mission and strategies. Without secure and reliable information, we cannot provide world-class education, trusted research and community engagement. The Cyber Security Policy commits the University to preserving the security of its IT assets and services, and expresses risk-based cyber security principles.

Cyber Security Management Framework

The Cyber Security Policy mandates the development and implementation of a Cyber Security Management Framework (CSMF) that provides detailed requirements for the protection of IT assets and services. This University IT Standard is based on the ISO27001 Standard to leverage industry best practices, benchmark security performance and enable continual improvement.

Cyber Security Guidelines

Email scams and phishing
Think before you click! Learn about how to identify email scams and phishing attacks, which are designed to steal personal information or gain access to University systems.
Safe Internet browsing
Learn about the steps you can take to stay safe and protect your personal information when you are browsing the Internet.
Protect your passwords
One of the most common forms of cyber-attack is via weak passwords. Is your password weak and are you following good password practice?
Travelling with electronic devices
If you are travelling for business or personal reasons it is imperative you take extra caution when using your mobile devices.
Easy ways to change your Pheme password
There are now multiple new ways in which you can change your Pheme password or unlock your Pheme account.
Avoid malware infection
What is malware and how do you avoid becoming a victim? Learn what steps you can take to identify and protect your devices and University information.
Secure your devices
Get familiar with some basic steps that you can take to ensure your computer and other devices you use are protected from a cyber-attack.
Protect your sensitive data

If you need to transfer or share sensitive data, follow these simple steps to ensure only authorised people have access to University or personal information.

Acceptable Use of IT Brochure
Here is a printable brochure explaining the requirements of the Acceptable Use of IT Policy.
Accessing regulated digital content from University networks

Learn how to request access to websites considered as regulated digital content.

If you have been a victim of cyber-crime, detect an incident or suspect that malicious activity is taking place, please report it to University IT and help us respond faster.

How to report a cyber security incident

You can call the IT Service Desk on ext. 1234 (+61 8 6488 1234) or email [email protected] to report an incident.

If you wished to make an anonymous complaint or disclosure, you may submit your report through the Complaints portal.

How to identify a cyber security incident

Any attempted or successful unauthorised access, disclosure, or misuse of University computing systems, data or networks (including hacking and theft) can be considered as a cyber security incident. It may involve:

  • a violation of IT Policies or Standards
  • device loss or theft - personal or University owned
  • unauthorised computer or system access
  • loss of information confidentiality
  • loss of information availability
  • compromise of information integrity
  • a denial of service condition against data, network or computer
  • misuse of service, systems or information
  • physical or logical damage to University devices and equipment
  • tampering with the configuration of University devices and equipment
  • presence of a virus or other malicious program, including alerts from your antivirus software that your computer may have malware
  • sudden appearance of unexpected/unusual programs
  • posting of confidential/restricted data to a publicly accessible website
  • inadvertent sending of restricted data to unauthorised recipients
  • establishment of unauthorised accounts for a computer or application
  • unusual network connections to a computer or an application
  • sharing or revealing of University account passwords
  • receiving notification of password change attempts that weren't initiated by the account holder
  • clicking on malicious links, downloading unrecognised file extensions, or suspicious attachments or filling fraudulent data-entry forms

Frequently asked questions

Can I connect my personal device to the UWA network?

You can use a personal device to access many UWA services (Wi-Fi, online applications, etc.). The Acceptable Use of IT Policy sets out expectations regarding how a device may or may not be used. We also recommend that you view our guides on protecting your device and protect your digital self.

Can I access UWA services remotely?

Many UWA services can be accessed remotely, providing staff with flexible working options.

I need to install an application that is blocked by UWA. How can I proceed?

The protections in place on UWA-managed devices prevent the installation of third-party applications. Exceptions can be sought through the local administrative rights process.

I need to access online material that is blocked by UWA. How can I proceed?

All UWA networks block ‘regulated digital content’: online material that is illegal or otherwise interferes with university values. If you attempt to access content of this nature you will be presented with an in-browser message advising of these restrictions.

Given the breadth of the University’s learning, teaching, and research needs, you may need to access regulated content for legitimate purposes. To do so, please follow the request guidelines.

I am working with external collaborators and want them to be able to access UWA systems or services. How can I arrange this?

The digital guest access process allows staff to sponsor external collaborators, providing them with access to Microsoft Teams and SharePoint resources without needing a full-fledged UWA staff account.

For all other purposes (e.g. contractors, vendor support accounts, etc.) please contact the IT Service Desk.

I have reported a cyber security incident. Is there anything else I need to do?

Your report will be tracked by our team, and we will be in direct contact if additional information is required. You will then receive any further updates (again via direct contact or email) until the incident is resolved.

What is the difference between a cyber security event and a cyber security incident? Do I need to report both?

The definitions for a cyber security event and incident are laid out in the Cyber Security Policy. Broadly, a cyber security event is a precursor to a possible cyber security incident; in other words, cause and effect. The UWA Cyber team monitor and analyse hundreds of events daily, though only a minority of those become a fully-fledged incident.

If you think you may have clicked a suspicious link or have reason to suspect that UWA’s systems or data has been exposed please contact the IT Service Desk as soon as you can.

I want to be able to protect myself against cyber threats. Where should I start?

The Cyber Security Education Platform provides staff with training modules that can quickly get you up to speed on how to protect yourself, your data, and the University as a whole.

What is the Cyber Security Management Framework?

At the heart of our cyber security efforts is the mission to enable users of the University’s IT assets and services, our students, staff or third parties, to do their business and achieve their goals in a secure manner. In turn, everyone must be aware of their security responsibilities and the role we all play in maintaining security.

The Cyber Security Management Framework consists of Policies, Standards and Guidelines to inform the University Community on what they must follow when using UWA IT systems and services. Other UWA Policies and Glossary of terms are published in the UWA Policy Library.

What is a cyber security risk?

Cyber security risk is a type of business risk that refers to any exposure to financial loss, disruption or damage to the reputation of an organisation due to a cyber-attack, data breach or other failure of information resources. UWA identifies, assesses and manages cyber security risks according to the University Risk Policy.

Requirements defined in the University’s security policies, guidelines and Cybersecurity Controls Catalogue and Toolkit[ are designed to prevent, detect or mitigate cyber risks to UWA’s students, staff, information and reputation. Any non-compliance with cyber security requirements exposes the University to cyber risks and therefore must be reported to the Cyber Security team to enable appropriate management of the risk.

What is a Cyber Security Risk Rating and how is it calculated?

A Cyber Security Risk Rating is defined as a numeric value representing the confidentiality, availability and integrity requirements of an Information Resource (e.g. an IT system, IT service, laptop, portable hard-drive, data sets, etc.).  A full rundown of the criteria for different ratings is available on the Cyber Security Risk Guideline page.

Still have questions? We’re here to assist you in protecting yourself and the University from cyber-attacks, whatever form they take. Our services include providing cyber security training, consulting assistance when implementing new services or changing existing systems and monitoring and responding to cyber threats.

Contact us