Cyber security

Advice and training

• General, awareness, advice on cyber security safe practices.
• Warnings and alerts on cyber security threats.
• Consultancy for any aspect of cyber security to a range of stakeholders.
• Advice and guidance to IT Service Centre for the support of staff and students.
• Reviews and risk assessments on cyber security solutions for any Griffith IT project.

Incident response

• Incidents should first be reported to the IT Service Centre, who will then contact the Cyber Security Team.
• Support for incidents such as malware, phishing, ransomware, unauthorised access (hacking), data breaches, website defacements and other incidents.
• Recovery from incidents and identification of additional controls required.

TLS and SSL certificate management

• Management of new TLS and old SSL certificates for Griffith University servers.
• Replacement of deprecated SSL certificates (replaced with TLS).

Vulnerability scanning and penetration testing

• Initiation of self-directed Teable scans.
• Coordination of external vendor-based penetration testing and security assessments.
• Patch, configuration, compliance auditing and malware discovery.
• Identification of sensitive data (personally identifiable information), financial and medical data.
• Identification and prioritisation of vulnerabilities in IT infrastructure and services.
• Recommendation of security controls and countermeasure to mitigate identified weaknesses.

Border, data perimeter and identity protection

• Log correlation and analysis.
• Security Operations Centre activities.
• Sector-based Cyber Threat Intelligence (CTI) information sharing.
• Threat trend analysis and early warning services.