Cyber security for the real world
Queensland University of Technology (QUT) conducts regular audits, aligning our cyber security practices with industry standards. Our approach follows the ISO 27001 Standard and adheres to the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF).
Discover essential information on our cyber security management practices and the security controls in place.
Cyber strategy
Our mission
To advance information security technology and culture, ensuring safe operations in an increasingly hostile digital world. This commitment allows QUT to provide a secure and transformative learning environment, alongside impactful research that serves our communities.
Our vision
To be a trusted leader in information security, providing enterprise resilience and robust protection through industry-leading practices. We are recognised for our expertise, collaborative spirit, and as a valued partner that delivers real-world security solutions. Our commitment extends beyond our organisation, fostering partnerships and sharing knowledge to enhance security across the industry.
Policy
The cyber policy and procedures that underpin our strategy.
Standards
QUT's cyber standards are aligned to NIST, ISO 27001 and others.
Compliance
QUT uses rigorous auditing to ensure its policies and procedures are followed.
Vulnerability Disclosure Program
We prioritise the security of our digital systems and recognise the evolving nature of cyber threats. We have implemented a Vulnerability Disclosure Program to encourage collaboration with the community in identifying potential security vulnerabilities.
Our program encompasses any product or service operated by QUT to which the reporting party has lawful access, and includes third-party services used by QUT that are accessible to the reporting party. Certain activities are explicitly excluded from the program, such as clickjacking, social engineering, denial-of-service attacks and attempts to modify or extract sensitive data.
QUT Vulnerability Disclosure Statement
The QUT Vulnerability Disclosure Statement (VDS) outlines an organisation's procedures and expectations regarding the reporting and handling of security vulnerabilities in its systems, applications or digital infrastructure.
The purpose of a VDS is to encourage ethical hackers, security researchers or other individuals who discover vulnerabilities to responsibly disclose these issues to the organisation rather than exploiting or publicly disclosing them.
Download the QUT Vulnerability Disclosure Statement (PDF file, 36.6 KB)
Partners and memberships
In addition to implementing best practice cyber security management processes and controls, QUT also maintains a suite of industry recognised cyber security partners and memberships.
Training and awareness
Our information security training and awareness program has been regular communications regarding current threats
The delivery of new and improved digital business projects and initiatives that strengthen our cyber security solutions, training and awareness.
External advisories
Keep across the latest cyber security advisories and be aware of the changing trends in the digital threat landscape.
Projects
Learn about the cyber projects that have been completed to keep QUT digital assets safe.
External resources
- Check to see if your email address has been part of a data breach.
- Also has a similar tool to check passwords to see if they have been part of data dumps.
- Can sign up to receive notifications when your email has been part of a breach.
- An industry-recognised tool that does the same thing but can also analyse files and IP addresses/URLs. Returns a score of how dangerous the link/file is and if different security vendors have flagged it.
- Short quizzes for testing security knowledge.
Scamwatch Little Black Book of Scams
- Detailed information on different types of scams (phone, text, email, website, social media).
- Advises on spotting and avoiding scams (warning signs, etc.).
- An interesting and interactive awareness-building activity.
QUT research
Research-specific security advice
Australian Cyber Security Centre advice
- Specific types of threats and definitions.
- Advice on making mobile devices more secure.
- Advice for making both Gmail and Outlook email services more secure.
Detecting socially engineered messages
- Brief overview of what social engineering is and what the warning signs are.
- Brief overview of common warning signs for scams.
Secure online shopping checklist
- How to stay safe while online shopping at all stages.
- Explains how QR codes are not inherently safe, and things to do to keep yourself safe.
How to protect yourself from malware
- Step-by-step advice on how to secure devices against malware.
Connecting to public Wi-Fi and hotspots
- Explains how public Wi-Fi is insecure and can be easily manipulated by hackers to steal the information you send and receive, and advises on staying safe when you have to use it.
Latest training and events
Cyber Day
Come join us for a day filled with all things cyber, with interactive workshops, engaging talks and networking opportunities.
Information security booth at QUT Welcome Week
An opportunity to meet and interact with IT security staff and champions and Digital Business Solutions staff during Welcome Week at QUT.