Welcome to UWA Cyber Security

Cyber security services
Policies, standards and guidelines
Report a cyber incident

Cyber Security is a body of technologies, processes and practices designed to protect data and other digital assets from cyber-attacks, damage or unauthorised access.

University data can contain sensitive information such as intellectual property, financial data or personal information that all members of the UWA community have a responsibility to protect.

Our services are available to all members of the UWA community, helping you protect your and the University's data and digital assets.

Cyber Security awareness and training

Providing awareness training, including face-to-face workshops and presentations to staff on cyber security risks and good practices.

The University has introduced cyber awareness training, which must be completed by all staff.

The training equips you to identify and manage fundamental cybersecurity risks. The modules in the cyber awareness training will benefit you to gain cyber knowledge you can use to protect both the University’s data and your personal information.

For more information or to provide feedback, contact [email protected].

Cyber Security consultation services

Assessing the potential security risks and exposures of your project, systems, applications and proposed third-party contracts

Identifying pragmatic safeguards to assist you deliver your goals in a secure manner

Assisting with interpretation and application of security policies and guidelines

Cyber Security incident mitigation and response

Responding to cyber security threats, vulnerabilities and incidents.

Conducting post-incident analyses to identify root causes and determine appropriate mitigating controls.

You may request the above cyber security services through the University IT Service Desk. Call ext. 1234 (+61 8 6488 1234) or email [email protected].

We work closely with the University's Information Governance Services to enable 360° information security. If you would like to know more about information classification and handling, privacy, record keeping and retention, please visit the Information Governance Services website.

Policies and standards

At the heart of our cyber security efforts is the mission to enable users of the University’s IT assets and services, our students, staff or third parties, to do their business and achieve their goals in a secure manner. In turn, everyone has to be aware of certain security responsibilities and the role we all play in maintaining adequate security. Our policies define the principles that the University Community must follow when using UWA IT systems and services.

Acceptable Use of IT Policy

IT assets and services of UWA are shared resources that underpin teaching, learning, research and core business activities. The Acceptable Use of IT Policy details your personal security requirements when using IT to maintain a secure, ethical, productive and reliable IT environment for the benefit of all of us.

Cyber Security Policy

UWA recognises that cyber security is a fundamental enabler of its mission and strategies. Without secure and reliable information, we cannot provide world-class education, trusted research and community engagement. The Cyber Security Policy commits the University to preserving the security of its IT assets and services, and expresses risk-based cyber security principles.

Find answers to the most frequently asked questions about these policies

Cyber Security Management Framework

The Cyber Security Policy mandates the development and implementation of a Cyber Security Management Framework (CSMF) that provides detailed requirements for the protection of IT assets and services. This University IT Standard is based on the ISO27001 Standard to leverage industry best practices, benchmark security performance and enable continual improvement.

Cyber Security Guidelines

Email scams and phishing: Think before you click! Learn about how to identify email scams and phishing attacks, which are designed to steal personal information or gain access to University systems.
Email Security (DMARC): UWA is implementing DMARC, an email authentication, policy, and reporting protocol, to further protect the authenticity of the UWA brand by tackling email impersonation and spoofing attacks.
Safe Internet browsing: Learn about the steps you can take to stay safe and protect your personal information when you are browsing the Internet.
Protect your passwords: One of the most common forms of cyber-attack is via weak passwords. Is your password weak and are you following good password practice?
Travelling with electronic devices: If you are travelling for business or personal reasons it is imperative you take extra caution when using your mobile devices.
Easy ways to change your Pheme password: There are now multiple new ways in which you can change your Pheme password or unlock your Pheme account.
Avoid malware infection: What is malware and how do you avoid becoming a victim? Learn what steps you can take to identify and protect your devices and University information.
Secure your devices: Get familiar with some basic steps that you can take to ensure your computer and other devices you use are protected from a cyber-attack.
Protect your sensitive data: If you need to transfer or share sensitive data, follow these simple steps to ensure only authorised people have access to University or personal information.
Acceptable Use of IT Brochure: Here is a printable brochure explaining the requirements of the Acceptable Use of IT Policy.
Accessing regulated digital content from University networks: Learn how to request access to websites considered as regulated digital content.

If you have been a victim of cyber-crime, detect an incident or suspect that malicious activity is taking place, please report it to University IT and help us respond faster.

How to report a cyber security incident

You can call the IT Service Desk on ext. 1234 (+61 8 6488 1234) or email [email protected] to report an incident.

If you wished to make an anonymous complaint or disclosure, you may submit your report through the Complaints portal.

How to identify a cyber security incident

Any attempted or successful unauthorised access, disclosure, or misuse of University computing systems, data or networks (including hacking and theft) can be considered as a cyber security incident. It may involve:

a violation of IT Policies or Standards
device loss or theft - personal or University owned
unauthorised computer or system access
loss of information confidentiality
loss of information availability
compromise of information integrity
a denial of service condition against data, network or computer
misuse of service, systems or information
physical or logical damage to University devices and equipment
tampering with the configuration of University devices and equipment
presence of a virus or other malicious program, including alerts from your antivirus software that your computer may have malware
sudden appearance of unexpected/unusual programs
posting of confidential/restricted data to a publicly accessible website
inadvertent sending of restricted data to unauthorised recipients
establishment of an unauthorised accounts for a computer or application
unusual network connections to a computer or an application
sharing or revealing of University account passwords

Cyber Security