UNSW Information Resources must be designed, deployed, maintained, and decommissioned according to their cyber security risk and any associated control requirements

All access to UNSW Information Resources must be authorised, restricted based on need, and periodical review is not required

Cyber security incidents must be identified, reported, contained, eradicated, and recovered from, in a timely manner

Business continuity and disaster recovery plans must be developed, documented, and enacted when required and may allow acceptable increase in cyber security risk

3

4

2

5

Endpoints (workstations, laptops, mobiles, IoT and VDI)

Data Services and Storage Services (including PaaS).

Networks and Network Devices (including SDN and Cloud).

Research journals

Classroom whiteboard

Chief Information Officer

Chief Information Security Officer

Vice- Chancellor

VP, Operations

assign UNSW-wide management responsibilities for cyber security

the design, implementation, and oversight of UNSW cyber security strategy, plans, programs, capabilities, and controls

supporting UNSW management in identification, assessment, treatment, and reporting of cyber security risks.

ensuring the Cyber Security Policy, Cyber Security Standards and Cyber Security Guidelines conform with the requirements of any relevant International Standard and its defined scope within UNSW.

identification and management of cyber security risk within their area of accountability, including where necessary obtaining guidance and support from the Chief Information Security Officer.

assignment of Business Owners for all UNSW Information Resources within their area of accountability.

annual attestation of compliance to the Cyber Security Risk Management Framework, for High Cyber Security Risk Rated UNSW Information Resources within their area of accountability, in accordance with the Cyber Security Standard – Risk Management, and where necessary obtaining guidance and support from the Chief Information Security Officer.

All of the above

ensuring all UNSW Information Resources within their area of responsibility have Cyber Security Risk determined

no need for reporting and escalating identified cyber security risks in accordance with the Cyber Security Standard – Risk Management.

overseeing all access to UNSW Information Resources within their area of responsibility in accordance with the Cyber Security Standard – Identity and Access Management.

ensuring UNSW Information Resources within their area of responsibility are compliant with all applicable cyber security laws and regulations, including those relating to critical infrastructure