New in Policy Central: Acceptable Use of IT Resources Policy / Cyber Security Policy

All staff and students have a responsibility to follow the University’s policies on use of IT resources and to understand their responsibilities in the area of cyber security. 

The following recently approved policies explain these matters:

Acceptable Use of IT Resources Policy – specifies requirements for the respectful, safe, reliable, and secure use of IT resources provided by the University. It is supported by the Acceptable Use of IT Resources – Misuse Schedule.

Cyber Security Policy – specifies the responsibilities of Macquarie University staff, students, and other authorised users in order to protect the University’s people, information, and technology assets. It is supported by the Computer and Network Security Procedure, and the Information Classification and Handling Procedure.

Bulletin Board

The following documents are open for consultation on the Bulletin Board:

All staff are welcome to provide feedback on open documents listed on the Bulletin Board. Your feedback will be collated and forwarded to the Document Author for consideration.

If you have any questions about using the Bulletin Board, please contact the Policy Unit, Governance Services.

 

 

Date:

Share:

Category:

Notices

Tags:

Back to homepage

Comments

We encourage active and constructive debate through our comments section, but please remain respectful. Your first and last name will be published alongside your comment.

Comments will not be pre-moderated but any comments deemed to be offensive, obscene, intimidating, discriminatory or defamatory will be removed and further action may be taken where such conduct breaches University policy or standards. Please keep in mind that This Week is a public site and comments should not contain information that is confidential or commercial in confidence.

  1. The most major change is that the policies have been organised into a structure that is targeted at the intended audience. This is an effort to make the policies more readable and approachable. A description of the individual documents is below:

    – Cyber Security Policy – overarching principles of cyber security.
    – Acceptable Use Policy – responsibilities for staff and student in keeping the University safe from cyber threats.
    -Computer and Network Security Procedure – security requirements for those building and maintaining IT systems for the University.
    -Information Classification Procedure – sensitivity labels for information that determines the security measures used to protect the information.
    – Acceptable Use Schedule – a granular list of activities not permitted on University systems (mostly unchanged).

    The majority of content from the previous policies were included in the new policies, but there was content expansion in specific areas. The documents with most significant content changes are:

    – Computer and Network Security Procedure – extends the security controls required for University systems in-line with industry standards such as ISO 27002 and PCI DSS. Particular areas of expansion include software patching and externally exposed systems. The previous policies had limited guidance in this regard.
    – Information Classification Procedure – introduced a defined structure for the security classification of information and extended guidance on security measures required for highly sensitive information.

  2. Have these policies changed in any material way?
    If so, it would be helpful to have a summary (within the news item) of important changes.

    1. Please see advice from Jeremy Koster, the Chief Information Security Officer, in the comment above.

Comments are closed.

Got a story to share?

Visit our contribute page >>