University of Queensland aligns resilience approach across operations

The University of Queensland has bolstered its resilience to a range of incident types and threats with a coordinated and documented approach, supported by tooling and tested via tabletop exercises. 

Image credit: University of Queensland

Director of Cyber Security (CISO) within the Information Technology Services, Dr David Stockdale, highlighted crucial and comprehensive preparatory work the university has undertaken to “prepare for the worst”, should that manifest as a cyber incident, data breach or other incident type. 

“There is a consistency in how it is approached at the university level and how we communicate,” Stockdale said. 

This story is part of the 2026 iTnews State of Security report. Read it for free here.

The work is also intended to assist with the coordination of more complex incident responses, such as where there may be cyber and non-cyber aspects to investigate and deal with simultaneously. 

“Rather than just thinking about the cyber incident in terms of how do we deal with that, it's how do we deal with the components that are cyber, but how do we then tie that into the university's process and ensure the university has a really good process for dealing with [that],” Stockdale said. 

“We want consistency. So, resilience is about how do we deal with the incident, and let the cyber people get on with the cyber element and the university people get on with the other elements of that, whether that be communications, whether that be legal, whether that
be any of the other components that need to be dealt with in a big incident.” 

Stockdale said that resilience and coordination had been further bolstered by planning related to the Security of Critical Infrastructure (SOCI) Act, which universities must comply with. 

The university had taken principles around SOCI compliance, adapting and factoring them into its broader incident response approach to further improve its resilience. 

“And then, of course, we're moving into tabletop exercises around our method, our processes, ensuring that people really understand them and what their role is in different types of incidents,” Stockdale said. 

“So, we have tested it, but we need to do more testing and exercising of that in the near future.” 

The university is also honing its security stack to complement its incident response capabilities and resilience to threats, both cyber and beyond. 

Stockdale said that the university is “quite openly a Palo Alto Networks shop” and that it is continuing to consolidate some of its existing tooling and capabilities into that single-vendor stack. 

He said this kind of platform thinking approach had been made possible over the years by continued expansion of what the technology could do. 

Stockdale added that certain capabilities enabled by the tooling had also found use outside of the specific cyber security domain. 

Notably, he said investigation forensics capabilities initiated in the cyber security division had proven attractive to the university’s legal unit and other parts of the institution that had investigative requirements. 

“So, building this, the university has actually leveraged that service very effectively for many of the different types of use cases,” he said.