Cyber security in Canada: Time for a new approach

Isaac Straley, the University of Toronto’s (U of T) Chief Information Security Officer, has called for a revamp of the national cyber security strategy in an op-ed published on May 11 in The Hill Times.

The pandemic and the shift to remote work have added to the challenges faced in information security. Given the recent geo-political events and cyber security-related incidents in Canada, collaborating and working collectively would provide a significant opportunity to secure our digital future.

Straley discussed the importance of a more integrated approach for Canadian organizations to partner with federal and provincial government agencies tasked with improving defences. He mentioned how this should go beyond the sharing of information and include security professionals working together with timely access to resources to mitigate risks.

“The old approach of each organization attempting ‘defence in depth’ doesn’t work anymore. What we really need is ‘defence through partnership,’” said Straley.

Straley provided the Canadian Shared Security Operations Centre (CanSSOC) as an example of creating a shared approach in the Canadian higher education sector to work against cyber attacks. CanSSOC was founded by six Canadian universities, including U of T, and now has more than 145 academic institutions participating.

Read the full op-ed in The Hill Times.

Building a security-aware culture

The University of Toronto (U of T) has partnered with the Canadian Internet Registration Authority and ORION to pilot an Information Security Awareness Training platform for delivering information security awareness courses.

“The Information Security Awareness Training pilot is part of our larger efforts to build a security-aware culture across the University and equip staff, faculty and students with the knowledge needed to protect themselves and the University against security threats,” says Kalyani Khati, Associate Director, Information Security Strategic Initiatives.

The training pilot was launched on Nov. 24 and is expected to run until February 2022. The participants will be given access to a training platform meant to provide general security awareness training to end-users with varying levels of security knowledge. The goal of the pilot is to collect participant feedback on the quality and value of the courses and to test the viability of the platform.

Approximately 150 faculty and staff members from various divisions within the tri-campus community are participating in the pilot. Their feedback and input will help guide decisions and plans to provide security training to the wider U of T community.

Stay tuned for further updates about the training pilot.

University of Toronto’s new Information Security Standard

The Information Security program at the University of Toronto (U of T) is continually working with the community to better protect the University and its people against security risks. Most recently, the University’s Information Security Council has endorsed the Information Security Standard (the Standard) to provide a set of baseline security measures to protect our data and information systems based on the associated data classification. The Standard is customized to U of T’s specific environment.

“The Information Security Standard consists of the measures we take to protect our systems and data based on risk,” said Deyves Fonseca, Associate Director, Information Security Operations. “Keeping U of T’s data and computing environment safe and secure is a team effort. Therefore, it is critical that everyone at U of T understands the Information Security Standard and applies it to protect our data and information systems,” he added.

Applying the Information Security Standard

Protecting our data and information systems is a shared responsibility — every person in the U of T community plays a role in applying the Information Security Standard guidelines.

Here is how you can use the standard based on your role:

  • Data users: Learn how to securely handle the data you work with.
  • Decision makers: Make strategic decisions about protecting data and systems within divisions and administrative or academic organizational units.
  • Teams managing information systems: Implement security safeguards, configure systems and build processes to reduce risk.

Help secure U of T’s data and information systems

For more information, visit the ISEA website.

This article is part of a series for Cyber Security Awareness Month (CSAM). To learn more about how to stay safe online, visit the CSAM resources page.