Cyber security operations

UNSW IT Cyber Security helps protect our University community and informs, educates, and supports your understanding of safe online behaviour, practices, and obligations around information security.
Cyber Security Operations
Our team
Our Security Engineering team manages and supports a wide range of security services by leveraging advanced technologies and tools that are monitored in real time to better detect and respond to emerging threats. Our services include the selection, design, architecture, and management of security tools, and providing support to incidents and investigations. We collaborate with other teams to onboard and integrate security controls, ensuring they are monitored and protected.
Our Computer Security Incident Response Team (CSIRT) protects UNSW against cyber-attacks through the implementation of comprehensive 24x7 monitoring, detection, and incident response services. We are responsible for managing the investigation and response to cyber security events and incidents to manage the impact on the University and assist in the restoration and recovery of normal operations. We also provide digital forensics services to investigate and analyse digital evidence and threat intelligence services to proactively track and monitor threat actors targeting our people and infrastructure.
Our services
The following Cyber Security Operations services can be requested via the IT Service Centre unless other direction is provided below.
- Cloud security services
- Data loss prevention
- DDoS protection
- Digital forensics
- Email authentication services (DMARC, SPF, DKIM)
-
The Endpoint Detect and Response (EDR) service software provides more advanced threat detection, monitoring, and endpoint remediation capabilities to enhance the protection of our systems. All UNSW IT-managed endpoints already have the EDR service installed.
The following conditions apply:
- EDR is not a service for personal devices (BYOD) or UNSW students.
- EDR can only be installed on UNSW-owned information resources.
- EDR can only be activated on supported operating systems.
- EDR has anti-tampering protection and cannot be removed by users. If an uninstall is required, a request will need to be raised to the IT Service Centre and assigned to the Cyber Security Operations team to uninstall the software.
- Once installed, UNSW IT can apply countermeasures against cyber security threats as required to protect your system and data.
- UNSW IT Cyber Security has the authority to take any necessary action to contain and remediate a compromised endpoint during a security incident, e.g., network containment of the endpoint, restarting the endpoint, or stopping the process. Note: An exemption request can be made again at this point.
Once a request is submitted, a Cyber Security representative will be in touch to progress your request. Requests for the EDR service will be assessed for suitability by UNSW IT Cyber Security.
Once installed, if a potential threat is detected by the EDR service, staff may be presented with a pop-up Falcon Notification indicating that the device is protected; generally, no further action is required.
The EDR service is available for installation on your UNSW-owned endpoints, such as servers, desktops, and laptops, which are not managed by UNSW IT.
- Incident response
- Intrusion detection and prevention system
- Perimeter firewall
- Privileged access management
- Secure email gateway
- Secure remote access
- Secure web gateway
-
Security Information and Event Management (SIEM) is a solution that helps the University detect, analyse, and respond to security threats before they harm operations. Once onboarded to the SIEM, the Security Operations Centre (SOC) will provide 24x7 real-time monitoring, threat detection, and security incident response services for your platforms, applications, or services.
Once a request is submitted, a UNSW IT Cyber Security representative will be in touch to progress your request. Requests for the SIEM service will be assessed for suitability by UNSW IT Cyber Security.
The SIEM service is available for your UNSW-owned platforms, applications, or services.
- Threat intelligence management
-
Vulnerability Management is a solution that provides the University with visibility of our assets and vulnerabilities, allowing us to quickly and accurately understand our cyber security risk.
Once onboarded, it will provide an assessment of vulnerabilities on the system, helping us prioritise and report on our risks.
Once a request is submitted, a Cyber Security representative will be in touch to progress your request. Requests for the Vulnerability Management service will be assessed for suitability by UNSW IT Cyber Security.
The Vulnerability Management service is for your UNSW-owned platforms, applications, or services.
- Web application firewall
Reporting cyber incidents
It is important to report any cyber security incidents as quickly as possible so that the UNSW IT Cyber Security team can address any issues and mitigate risk exposure.
Incidents that staff and students should report:
- Suspecting your computer or account has been compromised.
- Having evidence on how technology or University data may be vulnerable.
- Noticing a colleague inappropriately sharing Highly Sensitive or Sensitive data.
- Losing a University asset containing sensitive information.
Contact the IT Service Centre for urgent matters or use the button above to report an incident.
Cyber security is everyone's responsibility, and by learning a few rules, taking simple steps, and following guidelines, we can protect our University from cyber security threats and keep data safe.
"Enhancing cyber security, including protecting information and privacy, is of paramount importance to our core functions of education and research. We all play a part in being cyber smart."
Professor Attila Brungs, Vice-Chancellor and President, UNSW Sydney