In addition to implementing best practice cyber security management processes and controls, Monash University also maintains a suite industry recognised cyber security certifications and compliance memberships.
ISO 27001 certification
View
ISO/IEC 27001 is an international standard that focuses on the identification and management of risks related to cyber security. It encompasses people, process and technology to ensure the appropriate level of controls are in place to effectively manage information security and support business objectives. ISO/IEC 27001 certification is accepted within the industry as a reliable, defensible, standards-based cyber security posture.
An ISMS is designed in compliance with the ISO/IEC 27001 standard to ensure sufficient and proportionate security controls are implemented to adequately protect information assets and give confidence to interested parties.
The ISO/IEC 27001 standard documents the requirements for effective cyber security management. The objective of the standard is to specify the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS within the context of an organisation’s overall business objectives and risks.
In response to the ever-growing need for strong and verifiable data security for sensitive research data, Monash University eSolutions has achieved ISO/IEC 27001 certified Information Security Management System (ISMS) certification for the following areas:
Research Data Management Systems ISMS
Overview: The Monash Helix Platform is part of the network of Monash Research Technology Platforms and supports the University in achieving its ambitious goals by delivering a world-class facility that meets the needs of our researchers and students.
Helix capabilities provide best practice in managing health data; collaborating over health data; and, enabling the application of advanced computing, analysis techniques and informatics for processing and analysing these often-complex data sets within trusted environments. For more information visit: https://www.monash.edu/researchinfrastructure/helix
Scope: Specific clinical research data management systems (on the Helix health data platform), including the underlying IT infrastructure and the data centres in which data is housed.
ISO 27001 Certification: Research Data Management Systems - ISMS Overview and ISO27001 Certificate
Secure Data Enclaves and Monash Private Cloud ISMS
Overview: Secure Data Enclaves and Monash Private Cloud is a software-defined, secure, and centralised private cloud infrastructure that aims to give Monash University enterprise and research users a safe environment to host, process, and analyse sensitive data.
Scope: The Secure Data Enclaves and Monash Private Cloud compute and data storage IT hosting platform, including the underlying IT infrastructure and the data centres in which data is housed.
ISO 27001 Certification: Secure Data Enclaves and Monash Private Cloud - ISMS Overview and ISO27001 Certificate
PCI DSS Compliance
View
Maintaining payment security is required for all entities that store, process or transmit cardholder data. Guidance for maintaining payment security is provided in PCI security standards.
These set the technical and operational requirements for organizations accepting or processing payment transactions, and for software developers and manufacturers of applications and devices used in those transactions.
Monash uses a self-validation tool to assess their level of cardholder data security. The Self-Assessment Questionnaire includes a series of questions for each applicable PCI Data Security Standard requirement.
There are different SAQs available for a variety of merchant environments and these are completed and signed annually by the University and its PCI DSS compliance partner, CampusGuard.
PCI DSS COMPLIANCE: Monash University - PCI DSS Certificate
Industry partnerships
View
Monash University is part of the Australian Cyber Security Centre’s (ACSC) Partnership Program. This allows us to share and receive threat intelligence, news and advice to enhance situational awareness and participate in resilience-building activities (e.g., exercises, discussions, and workshops).
In addition, the partnership allows us to access the network of Joint Cyber Security Centres (JCSCs) whose primary mission is to drive closer collaboration between government, industry, academia and the research community.
Monash University is part of the Corporate Partnership Program (CPP) and has entered into a Memorandum of Understanding (MOU) with the Australian Information Security Association (AISA) - the peak professional membership body in Australia for information security, cyber security and privacy.
We are committed to cooperation and collaboration between AISA and Monash University to grow and strengthen the information security community ecosystem in Australia, particularly around professional development and support of students.
Monash University is a corporate member of the Australian Women in Security Network (AWSN).
The AWSN is a not-for-profit association and network of people aimed at educating women and girls on security and increasing the number of women in the security community. A number of Monash staff enjoy participating in the range of networking, upskilling and mentoring activities.
FIRST membership
View
What is FIRST? Forum of Incident Responders and Security Teams (FIRST) is the premier organisation and recognised global leader in cyber security incident response, with over 695 members across 105 countries. Membership in FIRST provides an internationally trusted forum for direct interactions among incident response and security teams allowing them to respond more effectively and proactively to cybersecurity incidents.
FIRST brings together a variety of global computer security incident response teams (CSIRT) from government, commercial, and educational organisations. FIRST fosters cooperation and coordination in cyber security incident prevention, stimulates rapid reactions to cyber incidents and promotes information sharing among members.
Monash University is the first Australian university and the sixth organisation in Australia to achieve full membership of FIRST. Details of the Monash University Cyber Risk and Resilience team’s certification is available here.
