Strengthen Security: Our Comprehensive Programs and Initiatives  

Our Information Security & Risk Management programs are designed to empower our community to stay safe online, protect their identity and information, and mitigate risks associated with cyber threats. We offer a range of services tailored to enhance online safety, including cyberbullying prevention resources, password protection guidelines, phishing prevention assistance, and reporting mechanisms for suspicious activities. By providing these resources, we aim to foster a secure digital environment for all members of our community. 


Risk Management Program: 

Our Risk Management Program is centered on identifying, assessing, and treating risks associated with the use of information technology. By aligning with University standards and regulatory requirements, we prioritize the protection of people, data, and digital assets. This program emphasizes shared responsibility among stakeholders, ensuring a collaborative approach to risk mitigation. Through proactive risk management strategies, we aim to safeguard the confidentiality, integrity, and availability of University resources, thereby fostering a secure digital ecosystem for our community. 


Vulnerability Management Program:

The vulnerability management program is designed to identify and mitigate vulnerabilities as they are identified on various devices that are operating on our network. These vulnerabilities are identified using active and passive scanner to understand the need of patching or configuration changes that might be required to keep those devices healthy and secure. We reach out and work with relevant UTM community members to address vulnerabilities that pose critical security risk to our infrastructure and mitigate such risk in a timely manner.


Security Awareness and Training Program 

The Security Awareness and Training Program (SATP) aims to educate and equip the community with the knowledge and tools needed to protect against information security threats. This includes: 

  • Providing regular security training and phishing simulations for all staff, faculty, librarians, and students. 
  • Offering specialized training tailored to different roles, such as application developers, IT admins, and researchers. 
  • Creating opportunities for IT staff to enhance their security skills. 

The program is guided by principles of positive learning, risk-based approaches, and collaborative improvement. It addresses the human factors that contribute to security risks, recognizing that technology alone cannot solve all cybersecurity challenges. By raising awareness and promoting best practices, the program helps safeguard sensitive information and uphold the University's reputation. Compliance with U of T's security standards is also a key aspect of the program.