The University of Western Australia

University Policy on: Security Contact Responsibilities

Purpose of the policy and summary of issues it addresses:

This policy outlines the need for every University Unit to have a designated person who can be contacted immediately and who can take appropriate action in the event of security risk to the University's network and computer systems.

Definitions:

Facility ­­is every item and kind of computer equipment, computer software, network and related items and equipment provided by the University, whether or not owned by the University, and includes any items and equipment to which access is given by or through the University.

IS is the division of Information Services at the University of Western Australia.

IT Support Officer is the support officer responsible for providing IT support for the computer in question.

Unit is any faculty, school, centre, administrative unit, library etc. that has IT facilities connected to the University network.

Policy statement:

Computer and network security is a priority for the University. Attempts to break into networks and computer systems pose serious threat to research, data, student records, financial and other university-related business. In upholding its responsibility to secure computers and network systems, the University must be able to respond immediately to any security incident; a single compromised computer can easily be used to infiltrate entire systems. Having the ability to immediately contact appropriate personnel enables IS, Security, and IT support officers to quickly tackle a problem should security be breached.

This policy outlines the requirements in establishing and maintaining Security Contacts within each Unit.

1 University units with IT facilities connected to the network are required to appoint a Security Contact and one or more back-up contacts.

1.1 Each Unit must supply a name, email address and phone number for their primary Security Contact, to IS.

1.2 If no Security Contact is listed for a Unit, the School Manager or equivalent will be asked to nominate someone.

1.3 Contact details must be kept up to date and IS may verify details with School Managers or equivalent.

1.4 Details of Security Contacts will be kept secure.

1.5 Failure to ensure that a Security Contact is recorded and kept up to date for a unit may result in the unit being removed from the University network should a security incident be identified.

2 Security Contacts will be the primary point of contact in the event of network or security matters.

2.1 It is not essential for Security Contacts to have extensive security or IT experience, but Contacts should have some familiarity with the computers used in their unit and should be able to identify their local technical person.

2.2 Security Contacts are expected to respond promptly to incident reports, emails or phone messages initiated by appointed investigating officers.

2.3 Security Contacts are asked to cooperate with IS and appointed officers who will investigate the incident. This includes providing access to buildings and computer systems at all reasonable times.

2.4 Security Contacts are responsible for ensuring that appropriate personnel respond to each security incident in a timely fashion.

2.5 Incidents and resolutions will be reported on the IT Service Desk via the Single Sign-on Network.

Related forms: (Link)

UWA IT Service Desk, the Single Sign-on Network