Research Cyber Security and Risk Documentation

Overview and Key Features:

Research cyber security and risk mitigation plans aim to:
  • Document the security measures in place for an information system, and/or
  • Outline how cyber security safeguards are implemented to mitigate risks associated with a research project.

As a result of these research cyber security and risk mitigation plans, researchers will receive the necessary security documentation for certain funding applications and research agreements. Document generation will be carried out in collaboration with the research team, as well as relevant technical and security staff.

Getting Started:

  • Types of Documentation:

A cyber security plan aims to document, at a high level, the information security controls, practices and procedures in place for a research project and its associated information systems and solutions.

A cyber risk mitigation plan outlines the cyber security-related mitigations that have been or will be implemented to address various risks related to a research project (e.g., sharing data with external collaborators).

Connect with the Research Information Security Program team via the Enterprise Service Centre (ESC) to safeguard research knowledge, intellectual property and data.

Get Help:

Contact the Research Information Security Program team: research.infosec@utoronto.ca.

Research Cyber Risk Assessments

Overview and Key Features:

A Research Cyber Security, Threat and Risk Assessment (R-CSTRA) aims to:

  • Identify potential security risks, threats and gaps related to your research project.
  • Recommend services and methods to enhance the security of your research project.
  • Evaluate your project’s alignment with the U of T’s Information Security Control Standard and other relevant requirements.

Through an R-CSTRA, researchers will gain a clearer understanding of their project’s security posture and the cyber threats and risks that could impact their intellectual property. Assessments are conducted in collaboration with the research team and relevant technical and security staff to ensure a comprehensive and tailored approach.

Getting Started:

Assessment types:

  • Basic

A basic R-CSTRA provides a high-level review of a research project and the information systems and solutions that interact with research data (e.g., collection, generation, processing, storage) to identify potential threats and risks. This assessment is designed for low-risk projects that involve level 1, level 2 or lower-risk level 3 data, with minimal regulatory or security requirements.

  • Advanced

An advanced R-CSTRA involves a comprehensive review of a research project and all associated information systems and solutions that interact with research data. This assessment evaluates potential threats and risks and includes an in-depth analysis of information systems and solutions against the university’s Information Security Control Standard. It is intended for medium- and high-risk projects that involve higher-risk level 3 and level 4 data or require a robust data governance structure and adherence to significant regulatory requirements.

Connect with the Research Information Security Program team via the Enterprise Service Centre to safeguard research knowledge, intellectual property and data.

Get Help:

Contact the Research Information Security Program team: research.infosec@utoronto.ca.