Operational Security

Objective: To ensure correct and secure operations of information processing facilities, to protect against loss of data and to record events and generate evidence.

Control implementation overview:

Enterprise grade antivirus and anti-malware detection, prevention and recovery technology across lT managed devices
Technical vulnerability management program and supporting tools implemented across the managed IT environment (including vulnerability scanning, vulnerability disclosure program, bug bounty program)
Security penetration testing capabilities applied to verify the technical security posture of enterprise IT service and infrastructure in a risk-based manner
Security threat identification, monitoring and response capabilities based on industry best practice frameworks
IT change management procedures and processes embedded into the eSolutions managed enterprise IT environment in alignment with industry best practices (including change management and release procedures, change advisory board (CAB) and change management records etc.
Operational monitoring of the managed IT environment to ensure appropriate IT system and platform health and resilience
Standard patch management processes based on industry best practice for managed end-user devices, IT hosting platforms and core IT infrastructure

Cyber Security at Monash University

Cyber Security at Monash University

Operational Security