Cyber security capability
Cyber Risk and Resilience is the capability within Monash University that ensures effective management of cyber risk and resilience of technology across the global Monash University landscape.
Cyber Risk and Resilience capability overview
Cyber Risk refers to the potential of loss or harm related to technical infrastructure or the use of technology. Cyber Resilience is when people, processes and technologies can quickly adapt to changing cyber threats.
In an increasingly hostile and rapidly changing digital world, our mission is to provide effective, adaptable management of cyber risks, aligned with the University’s risk appetite, to support Monash University in its mission of excellent research and education.
Cyber Risk and Resilience disciplines and key functions:
- Cyber security strategy and leadership
- Cyber security operations
- Cyber security architecture
- Cyber security risk and compliance
- Cyber security awareness and engagement
- Cyber security delivery and research engagement
- Cyber security continuous improvement program
The Cyber Risk and Resilience capability works closely with capabilities and areas throughout the University including:
Cyber security policies and procedures
The University’s cyber security and general IT policies and procedures can be viewed on the University Policy Bank.
Key University policies/procedures relevant to cyber security include:
- Electronic Information Security Policy
- Electronic Information Security: Information Classification Procedures
- Information Technology Acceptable Use Policy and Procedure
Cyber security governance and risk management
The governance of cyber security and cyber risks is embedded throughout operational, executive and strategic layers within the University. Regular cyber security briefings are provided to key University executive management and governance groups including:
- Vice-Chancellor’s Group
- Vice-Chancellor’s Executive Implementation and Oversight Committee (VCEIO)
- Audit and Risk Committee (ARC)
Cyber risk management processes have been developed that include the identification, analysis, evaluation, treatment and ongoing monitoring of cyber risks for University information assets and services. These cyber risk management processes are supported by the University’s cyber security policies, standards and procedures, and aligned with the University enterprise risk management framework and industry best practice.

Further information:
- IT Risk Management Manual (Monash Staff-Access Only)
- University Enterprise Risk Management Policy and Procedures
- University Enterprise Risk Management Framework
Cyber security assessment process (ISRA)
The Cyber Risk and Resilience capability and the Data Protection and Privacy Office provide the Monash OneTrust service, which simplifies the processing of Privacy Impact Assessments (PIA) and Information Security Risk Assessments (ISRA). OneTrust will guide your request into the appropriate security and/or privacy assessment pathway for processing by our respective capabilities.
How to log an ISRA (Security) / PIA (Privacy) assessment request in Monash OneTrust?
To find out more about how to access Monash OneTrust and log an assessment, please visit (Monash user access only): Monash OneTrust ISRA/PIA Access Guide