View Current

Audit Vulnerability Scan Policy

This is the current version of this document. You can provide feedback on this policy to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Overview

(1) The purpose of this policy is to authorise the Technology and Digital Services (TDS) to undertake audit and scanning of UNE IT infrastructure in order to ensure compliance with the Information and Cyber Security Rule and compliance with relevant statutes. It sets forth an agreement regarding network security scanning by TDS or by a University appointed external agency to audit UNE IT networks, servers and client PCs. Technology and Digital Services or an authorised agency will utilise network auditing/vulnerability software to perform regular electronic scans of the UNE network, PCs and/or firewalls or on any IT system at UNE.

(2) Audits may be conducted to:

  1. Ensure integrity, confidentiality and availability of information and resources
  2. Investigate possible security incidents and to ensure conformance to UNE security policies
  3. Ensure that the University is in compliance with copyright laws and acts.
Top of Page

Section 2 - Scope

(3) This policy covers all computer and communication devices owned or operated by UNE and strategic computer platforms that are managed and operated by the Technology and Digital Services.

(4) This policy also covers any computer and communications device that are present on UNE premises, but which may not be owned or operated by UNE (e.g. personal laptops connected to the UNE network).

(5) The Technology and Digital Services has authority over the UNE main campus network, Wide Area Links, Access Centres, remote campuses and network links to the internet. The Technology and Digital Services will be subject to relevant privacy legislation and nothing in this policy is to be interpreted as an intention to act outside this legislation.

Top of Page

Section 3 - Policy

(6) It is a condition of use of UNE's IT infrastructure that staff and Students consent to allow the Technology and Digital Services or an authorised agency to perform an audit and any associated scans.

(7) TDS Staff or an authorised agency that has been assigned to conduct scans will identify to the helpdesk the dates when the scan is to take place. If staff or students notice any problems during the scans, the Service Desk should be informed.

(8) These scans will require access that may include:

  1. user level and/or system level access to any computing or communications device;
  2. access to information (electronic, hardcopy, etc.) that may be produced transmitted or stored on UNE equipment or premises;
  3. access to work areas (labs, offices, cubicles, storage areas, etc.); and
  4. access to interactively monitor and log traffic on UNE networks.