Welcome to UWA Cyber Security
Cyber Security is a body of technologies, processes and practices designed to protect data and other digital assets from cyber-attacks, damage or unauthorised access.
University data can contain sensitive information such as intellectual property, financial data or personal information that all members of the UWA community have a responsibility to protect.
Our services are available to all members of the UWA community, helping you protect your and the University's data and digital assets.
Cyber Security awareness and trainingProviding awareness training, including face-to-face workshops and presentations to staff on cyber security risks and good practices
Cyber Security consultation servicesAssessing the potential security risks and exposures of your project, systems, applications and proposed third-party contracts
Identifying pragmatic safeguards to assist you deliver your goals in a secure manner
Assisting with interpretation and application of security policies and guidelines
Cyber Security incident mitigation and responseResponding to cyber security threats, vulnerabilities and incidents.
Conducting post-incident analyses to identify root causes and determine appropriate mitigating controls.
We work closely with the University's Information Governance Services to enable 360° information security. If you would like to know more about information classification and handling, privacy, record keeping and retention, please visit the Information Governance Services website.
Policies and standardsAt the heart of our cyber security efforts is the mission to enable users of the University’s IT assets and services, our students, staff or third parties, to do their business and achieve their goals in a secure manner. In turn, everyone has to be aware of certain security responsibilities and the role we all play in maintaining adequate security. Our policies define the principles that the University Community must follow when using UWA IT systems and services.
Acceptable Use of IT PolicyIT assets and services of UWA are shared resources that underpin teaching, learning, research and core business activities. The Acceptable Use of IT Policy details your personal security requirements when using IT to maintain a secure, ethical, productive and reliable IT environment for the benefit of all of us.
Cyber Security PolicyUWA recognises that cyber security is a fundamental enabler of its mission and strategies. Without secure and reliable information, we cannot provide world-class education, trusted research and community engagement. The Cyber Security Policy commits the University to preserving the security of its IT assets and services, and expresses risk-based cyber security principles.
Cyber Security Management FrameworkThe Cyber Security Policy mandates the development and implementation of a Cyber Security Management Framework (CSMF) that provides detailed requirements for the protection of IT assets and services. This University IT Standard is based on the ISO27001 Standard to leverage industry best practices, benchmark security performance and enable continual improvement.
Cyber Security Guidelines
Protect your digital self
- Email scams and phishing
- Think before you click! Learn about how to identify email scams and phishing attacks, which are designed to steal personal information or gain access to University systems.
- Safe Internet browsing
- Learn about the steps you can take to stay safe and protect your personal information when you are browsing the Internet.
- Protect your passwords
- One of the most common forms of cyber-attack is via weak passwords. Is your password weak and are you following good password practice?
- Travelling with electronic devices
- If you are travelling for business or personal reasons it is imperative you take extra caution when using your mobile devices.
- Easy ways to change your Pheme password
- There are now multiple new ways in which you can change your Pheme password or unlock your Pheme account.
Protect your devices
- Avoid malware infection
- What is malware and how do you avoid becoming a victim? Learn what steps you can take to identify and protect your devices and University information.
- Secure your devices
- Get familiar with some basic steps that you can take to ensure your computer and other devices you use are protected from a cyber-attack.
- Protect your sensitive data
If you need to transfer or share sensitive data, follow these simple steps to ensure only authorised people have access to University or personal information.
Protect your University
- Acceptable Use of IT Brochure
- Here is a printable brochure explaining the requirements of the Acceptable Use of IT Policy.
- Accessing regulated digital content from University networks
Learn how to request access to websites considered as regulated digital content.
If you have been a victim of cyber-crime, detect an incident or suspect that malicious activity is taking place, please report it to University IT and help us respond faster.
How to report a cyber security incident
If you wished to make an anonymous complaint or disclosure, you may submit your report through the Complaints portal.
How to identify a cyber security incident
Any attempted or successful unauthorised access, disclosure, or misuse of University computing systems, data or networks (including hacking and theft) can be considered as a cyber security incident. It may involve:
- a violation of IT Policies or Standards
- device loss or theft - personal or University owned
- unauthorised computer or system access
- loss of information confidentiality
- loss of information availability
- compromise of information integrity
- a denial of service condition against data, network or computer
- misuse of service, systems or information
- physical or logical damage to University devices and equipment
- tempering with the configuration of University devices and equipment
- presence of a virus or other malicious program, including alerts from your antivirus software that your computer may have malware
- sudden appearance of unexpected/unusual programs
- posting of confidential/restricted data to a publicly accessible website
- inadvertent sending of restricted data to unauthorised recipients
- establishment of an unauthorised accounts for a computer or application
- unusual network connections to a computer or an application
- sharing or revealing of University account passwords