Information Security
Information Security supports the University and its staff and students by developing strategies and monitoring compliance to ensure that information and information systems such as intellectual property, corporate applications, and student records are:
- Available to authorised staff and students
- Protected from unauthorised modification or tampering
- Protected from unauthorised access
Why do we need Information Security?
- Information Security is a business process needed to protect the enormous amount of information, intellectual property and business resources generated or managed by Curtin researchers, staff and students.
- Without proper Information Security, unauthorised disclosure or modification information could have consequences such as financial loss, damage to reputation, or breach of a person's right to privacy.
- Curtin staff and students rely on information being available for work and study purposes. Loss or unavailability of information or information systems could result in students being unable to complete assignments or staff being unable to complete their work, not to mention damage to the reputation of the University.
- Inappropriate use of Curtin's information assets or information systems consumes valuable business and ICT resources and exposes the University to unnecessary security risks.
What is appropriate use of ICT facilities and services?
Use of Curtin ICT facilities and services is subject to the ICT Use Policy which states that:
"Authorised users shall use University Information and Communication Technology (ICT) facilities and services in an appropriate and responsible manner. Incidental personal use of University facilities and services is permitted. Any other use is considered to be inappropriate use."
Examples of what constitutes appropriate and inappropriate use.
The University assists users by providing automated web content, email anti-virus and email anti-spam filtering services. As automated tools, these systems do not guarantee 100% protection. As a user you are ultimately responsible for your actions. If you believe that the automated tools have incorrectly blocked a web site or that an accessible site should be blocked you can submit a report to us.
Whose job is Information Security?
All members of the Curtin community, both staff and students, are responsible for protecting information (in any form) that they generate or possess on behalf of the University. The Information Security team is responsible for assisting staff and students to comply with the Information Security Policy.
Assistance provided by the Information Security team includes:
- General computer and Internet security awareness information [pdf - 651kb] or visit Stay Smart Online website
- ICT appropriate use guideline - student/staff awareness training, faculty level appropriate use guideline development
- Information system development - security risk assessments, security requirements definition, system security certification
- Information security advice
- Information technology advice
- Information security incident management
How do I report an Information Security incident?
Members of the Curtin community should report information security incidents (such as lost laptops, virus infection, lost documents, inappropriate ICT use) to the Information Security team using the incident report form.
If you have questions, suggestions or general information requirements relating to Information Security, you may e-mail info-security@curtin.edu.au for advice.
What happens when the policy is breached?
Breaches of Information Security Policy or ICT policies, State or Commonwealth legislation are reported to the CIO and the head of the staff member or student's faculty or department. This may lead to disciplinary action ranging from removal of Internet access privileges to employment termination or even criminal charges.
