education.vic.gov.au

School operations

Information Security

4. Information security incidents

An information security incident is any event that compromises the confidentiality, integrity, or availability of school information or school ICT systems. This includes both cyber and non-cyber related incidents and can include:

  • authorised access to school information (both digital and physical)
  • accidental data loss from both external and internal threats
  • computer viruses or ransomware attacks (for example, malicious software)
  • improper sharing, accidental disclosure or changing of data (whether digital or physical).

In the event of an information security incident, schools must follow the process outlined in the First response card (PDF)External Link when reporting cyber incidents:

  • call ISOC on 1800 126 126 or log a ticket on the Services PortalExternal Link
  • call 000 only while an incident is in progress and needs an emergency services response
  • immediately notify the principal and other school leadership of any information security incidents, regardless of their nature or severity.

Once reported, manage information security incidents according to the process outlined in the Managing and Reporting School Incidents (Including Emergencies) policy.

The following categories represent common information security and cyber incidents that require immediate reporting in line with the department’s security incidents reporting procedures.

Data and access incidents

  • Unauthorised access to sensitive school information
  • Account/credential compromise
  • Identity theft of school credentials
  • Physical break ins and theft of school assets
  • Improper sharing of sensitive school records
  • Lost or stolen school devices containing sensitive information
  • Accidental disclosure (email errors, misaddressed communications)

System and network security

  • Ransomware attacks on school ICT systems
  • Malware affecting school networks
  • School system outages/unavailability
  • Website defacement
  • Lost access to sensitive school information
  • Compromised school devices
  • Degraded ICT system performance

Social engineering scams and malicious attacks

  • Phishing targeting school staff
  • Scam communications impersonating school officials
  • Unauthorised requests for sensitive information
  • QR code phishing (Qishing)
  • Data-stealing malware targeting student records

Physical and behavioural security

  • Unauthorised facility access and tailgating where sensitive information is kept
  • Improper handling of sensitive information
  • Incorrect disposal of sensitive information
  • Unauthorised recording/photography in a school environment
  • Criminal activity and fraud
  • Anti-social behaviour (for example, online bullying)
Includes information on common information security and cyber incidents that require immediate reporting

Reviewed 28 January 2025

Guidance

Was this page helpful?