Cyber security for the real world

Queensland University of Technology (QUT) conducts regular audits, aligning our cyber security practices with industry standards. Our approach follows the ISO 27001 Standard and adheres to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).

Discover essential information on our cyber security management practices and the security controls in place.

Cyber strategy

Our mission

To advance information security technology and culture, ensuring safe operations in an increasingly hostile digital world. This commitment allows QUT to provide a secure and transformative learning environment, alongside impactful research that serves our communities.

Our vision

To be a trusted leader in information security, providing enterprise resilience and robust protection through industry-leading practices. We are recognized for our expertise, collaborative spirit, and as a valued partner that delivers real-world security solutions. Our commitment extends beyond our organization, fostering partnerships and sharing knowledge to enhance security across the industry.

Policy

The cyber policy and procedures that underpin our strategy.

Discover our information security policy

Standards

QUT's cyber standards are aligned to NIST, ISO 27001 and others.

QUT staff information security policy and standards

Compliance

QUT verifies through rigorous auditing that its policies and procedures are followed.

Vulnerability Disclosure Program

We prioritise the security of our digital systems and recognise the evolving nature of cyber threats. We have implemented a Vulnerability Disclosure Program to encourage collaboration with the community in identifying potential security vulnerabilities.

Our program encompasses any product or service operated by QUT to which the reporting party has lawful access, and includes third-party services used by QUT that are accessible to the reporting party. Certain activities are explicitly excluded from the program, such as clickjacking, social engineering, denial-of-service attacks and attempts to modify or extract sensitive data.

QUT Vulnerability Disclosure Statement

The QUT Vulnerability Disclosure Statement (VDS) outlines an organisation's procedures and expectations regarding the reporting and handling of security vulnerabilities in its systems, applications or digital infrastructure.

The purpose of a VDS is to encourage ethical hackers, security researchers or other individuals who discover vulnerabilities to responsibly disclose these issues to the organisation rather than exploiting or publicly disclosing them.

Report a vulnerability

Partners and memberships

In addition to implementing best practice cyber security management processes and controls, QUT also maintains a suite of industry recognised cyber security partners and memberships.

Training and awareness

Our information security training and awareness program has been regular communications regarding current threats

The delivery of new and improved digital business projects and initiatives that strengthen our cyber security solutions, training and awareness.

External advisories

Keep across the latest cyber security advisories and be aware of the changing trends in the digital threat landscape.

Australian Government Scamwatch news and alerts

Australian Cyber Security Centre alerts and advisories

Projects

Learn about the cyber projects that have been completed to keep QUT digital assets safe.

QUT information security strategy

External resources

Have I Been Pwned

  • Check to see if your email address has been part of a data breach.
  • Also has a similar tool to check passwords to see if they have been part of data dumps.
  • Can sign up to receive notifications when your email has been part of a breach.

VirusTotal

  • An industry-recognised tool that does the same thing but can also analyse files and IP addresses/URLs. Returns a score of how dangerous the link/file is and if different security vendors have flagged it.

ACSC Quizzes

  • Short quizzes for testing security knowledge.

Scamwatch Little Black Book of Scams

  • Detailed information on different types of scams (phone, text, email, website, social media).
  • Advises on spotting and avoiding scams (warning signs etc).

Google phishing quiz

  • An interesting and interactive awareness-building activity.

DIGI

  • The Digital Industry Group Inc. (DIGI) is a not-for-profit industry association advocating for the digital industry in Australia. It is the industry association for companies that invest in online safety, privacy, cyber security and a thriving Australian digital economy.

QUT research

Research-specific security advice

Australian Cyber Security Centre advice

Type of threats

  • Specific types of threats and definitions.

Secure your mobile phone

  • Advice on making mobile devices more secure.

Review your email security

  • Advice for making both Gmail and Outlook email services more secure.

Detecting socially engineered messages

  • Brief overview of what social engineering is and what the warning signs are.

Recognise and report scams

  • Brief overview of common warning signs for scams.

Secure online shopping checklist

  • How to stay safe while online shopping at all stages.

Quishing

  • Explains how QR codes are not inherently safe, and things to do to keep yourself safe.

How to protect yourself from malware

  • Step-by-step advice on how to secure devices against malware.

Connecting to public Wi-Fi and hotspots

  • Explains how public Wi-Fi is insecure and can be easily manipulated by hackers to steal your information when you send and receive information, and advises on staying safe when you have to use public Wi-Fi.

Newsletter

Latest training and events

15 Oct 2024

What really happens after a cyber incident – it's bigger than you think! (webinar)

WTW presenters take you through the ripple effect in the aftermath of a cyber incident.

Recorded webinars

2024

Shadow of the digital world

In this webinar, guest speaker and best-selling author, Craig Ford, will walk you through cyber security scenarios, pulling back the curtain to provide insight into what you may not have noticed and what was hiding in the shadows. Craig will then provide advice on how you can avoid and protect yourself from similar events in your own life.

What really happens after a cyber security incident

In this webinar brought to you by global advisory, broking, and solutions company, WTW, presenters Benjamin Di Marco, Andrew Morgan and Tom Hosking will take you through the ripple effect in the aftermath of a cyber incident.

Watch video

Panel Discussion: Securing the Real World

Join our guest speakers as they discuss various topics related to Cyber Security Awareness Month and share their insights on protecting ourselves from real-world threats. Our guest speakers include QUT's Dr Cassandra Cross and Dr Leonie Simpson, Marie Kulbeth from Griffith University, Dirk Hodgson from Cognitio Digital, and our moderator Adam Aurisch from QUT.

Watch video

Hall of Fame

The Hall of Fame recognises individuals who responsibly disclose security vulnerabilities.

Name | Date
Siavash Afshar | 22 August 2024
Kishan Shah | 26 September 2024

Contact us

Get in touch for more information on cyber security at QUT.