go to UNSW home page
UNSW Home IT at UNSW Home
  
UNSW Home
IT at UNSW Home
About
 
Chief IT Architect
IT Transition
IT Customer Services
Faculty IT Services
IT Enterprise Systems
IT Infrastructure
  IT Security
Project Management Office
IT at UNSW Newsletter
About> IT Infrastructure> IT Security

About IT Security & Risk Management Services Office
About Us

About the IT Security and Risk Management Services Office
The role of the IT Security & Risk Management Services Office is to help preserve the confidentiality and integrity of IT systems and network resources that are managed by IT at UNSW and to ensure that those resources remain available to bona fide users in accordance with defined service levels. The office will achieve this by implementing the following:

  • Raising awareness of IT security issues and strategies at UNSW
  • Protecting against internal and external threats
  • Ensuring key IT systems remain available as per defined service levels
  • Detecting attempted and actual security breaches
  • Facilitating swift response to, and recovery from, security incidents
  • Reducing the complexity of the current security architecture
The IT Security & Risk Management Services Office will adopt a defence-in-depth approach that includes strengthening network, hardware and software interfaces.

Defence in Depth Illustration
  

Perimeter Defences

  

Network Defences

  

Host Defences

  

Application Defences

  

Data & Resources


Functions and Services

The IT Security and Risk Management Services Office aims to provide the following core functions: incident prevention, incident detection and response, and incident recovery.

Incident Prevention
Incident Prevention involves assessing current and potential threats and applying effective countermeasures, which help to mitigate those threats from materialising by:

  • Designing a security architecture
  • Developing and deploying an IT security awareness and training program, appropriate processes and procedures
  • A constant system of review: verifying compliance against agreed policies, standards and procedures, and assurance that controls remain efficient and cost effective
Incident Response
Incident Response means identifying, containing and eradicating threats and root causes in the event of a security breach by:

  • Formalising and documenting security incident response processes
  • Defining enabling policies to assist with monitoring and investigating incidents
  • The design and deployment of intrusion detection tools and a secure logging facility
  • A constant system of review: verifying compliance against agreed policies, standards and procedures, and assurance that controls remain efficient and cost effective
Incident Recovery
Incident Recovery entails recovering from a security breach or an incident that affects the availability of critical IT systems by:

  • The development, deployment, testing and continuous improvement of a Business Continuity Plan for IT at UNSW business processes
  • A regime of continuous testing and improvement of the existing UNSW IT Recovery Plan
UNSW IT Security Resources


Contact Us

The IT Security and Risk Management Services Office can be contacted as follows:
Email: itsecurity@unsw.edu.au

Post: IT Security and Risk Management Services Office
Level 13 The Library Building (Stage II)
University of New South Wales
Kensington NSW 2052

  
 


Privacy statement   Copyright and Disclaimer   Site Map   Site Feedback
IT at UNSW, UNSW, Sydney NSW 2052, Australia. CRICOS Provider Code 00098G.
AUTHORISED BY Director, IT Customer Services, IT at UNSW
Page last updated: Friday, May 30th, 2008