Research Cyber Risk Assessments
Overview and Key Features:
A Research Cyber Security, Threat and Risk Assessment (R-CSTRA) aims to:
- Identify potential security risks, threats and gaps related to your research project.
- Recommend services and methods to enhance the security of your research project.
- Evaluate your project’s alignment with the U of T’s Information Security Control Standard and other relevant requirements.
Through an R-CSTRA, researchers will gain a clearer understanding of their project’s security posture and the cyber threats and risks that could impact their intellectual property. Assessments are conducted in collaboration with the research team and relevant technical and security staff to ensure a comprehensive and tailored approach.
Getting Started:
Assessment types:
- Basic
A basic R-CSTRA provides a high-level review of a research project and the information systems and solutions that interact with research data (e.g., collection, generation, processing, storage) to identify potential threats and risks. This assessment is designed for low-risk projects that involve level 1, level 2 or lower-risk level 3 data, with minimal regulatory or security requirements.
- Advanced
An advanced R-CSTRA involves a comprehensive review of a research project and all associated information systems and solutions that interact with research data. This assessment evaluates potential threats and risks and includes an in-depth analysis of information systems and solutions against the university’s Information Security Control Standard. It is intended for medium- and high-risk projects that involve higher-risk level 3 and level 4 data or require a robust data governance structure and adherence to significant regulatory requirements.
Connect with the Research Information Security Program team via Enterprise Service Centre to safeguard research knowledge, intellectual property and data.
Get Help:
Contact the Research Information Security Program team: research.infosec@utoronto.ca.