Archives

Research Cyber Security and Risk Documentation

"" Overview and Key Features:

Research cyber security and risk mitigation plans aim to:
  • Document the security measures in place for an information system, and/or
  • Outline how cyber security safeguards are implemented to mitigate risks associated with a research project.

As a result of these research cyber security and risk mitigation plans, researchers will receive the necessary security documentation for certain funding applications and research agreements. Document generation will be carried out in collaboration with the research team, as well as relevant technical and security staff.

""  Getting Started:

  • Types of Documentation:

A cyber security plan aims to document, at a high level, the information security controls, practices and procedures in place for a research project and its associated information systems and solutions.

A cyber risk mitigation plan outlines the cyber security-related mitigations that have been or will be implemented to address various risks related to a research project (e.g., sharing data with external collaborators).

Connect with the Research Information Security Program team via Enterprise Service Centre ESC to safeguard research knowledge, intellectual property and data.

""   Get Help:

Contact the Research Information Security Program team: research.infosec@utoronto.ca.

Research Cyber Risk Assessments

"" Overview and Key Features:

A Research Cyber Security, Threat and Risk Assessment (R-CSTRA) aims to:

  • Identify potential security risks, threats and gaps related to your research project.
  • Recommend services and methods to enhance the security of your research project.
  • Evaluate your project’s alignment with the U of T’s Information Security Control Standard and other relevant requirements.

Through an R-CSTRA, researchers will gain a clearer understanding of their project’s security posture and the cyber threats and risks that could impact their intellectual property. Assessments are conducted in collaboration with the research team and relevant technical and security staff to ensure a comprehensive and tailored approach.

""  Getting Started:

Assessment types:

  • Basic

A basic R-CSTRA provides a high-level review of a research project and the information systems and solutions that interact with research data (e.g., collection, generation, processing, storage) to identify potential threats and risks. This assessment is designed for low-risk projects that involve level 1, level 2 or lower-risk level 3 data, with minimal regulatory or security requirements.

  • Advanced

An advanced R-CSTRA involves a comprehensive review of a research project and all associated information systems and solutions that interact with research data. This assessment evaluates potential threats and risks and includes an in-depth analysis of information systems and solutions against the university’s Information Security Control Standard. It is intended for medium- and high-risk projects that involve higher-risk level 3 and level 4 data or require a robust data governance structure and adherence to significant regulatory requirements.

Connect with the Research Information Security Program team via Enterprise Service Centre to safeguard research knowledge, intellectual property and data.

""   Get Help:

Contact the Research Information Security Program team: research.infosec@utoronto.ca.

Preferred name (display first name)

"" Overview and Key Features:

Members of the University of Toronto community often have a first name other than an official name that they use to identify themselves to others. Recognizing this, U of T allows students, faculty and staff to set and use their preferred first name.

Differentiating between the preferred and official first names allows the University to enable individual preference in applications that do not have a requirement to use official names. The preferred name option enacts the adoption of a consolidated preferred name across the University’s IT infrastructure.

The preferred name service was previously known as display first name.

""  Getting Started:

Access the preferred name service.

  • How to use:

To change your preferred name, log in to the preferred name service page and follow the prompts.

  • Application owners:

If you’re an application owner, learn how to consume preferred name information from Shibboleth.

""   Get Help:

Questions about selecting a preferred name

Students should contact their registrar’s office and employees should contact their divisional human resources office.

Forensic services

"" Overview and Key Features:

The Incident Response team offers digital forensic services for malicious computer activity. This service also facilitates access to third-party services if information security incidents need a more detailed analysis of changes made by malicious actors.

""  Getting Started:

Forensic services are provided for reported information security incidents. If you are experiencing an incident and you have not reported it, please follow the steps below.

  • Low severity incidents:

For low severity incidents, such as a compromised account or clicking a link in a phishing email, contact security.response@utoronto.ca.

  • Medium to critical severity incidents:

For information about medium to critical severity incidents, refer to the Incident Response Plan. If you are experiencing a medium to critical severity incident, complete the incident intake form.

""   Get Help:

If forensic services work is not already happening as part of a reported security incident, contact security.response@utoronto.ca.

Online Meetings (Zoom)

"" Overview and Key Features:

Zoom is a cloud-based video communications tool that allows you to set up virtual video and audio conferencing, webinars, live chats, screen-sharing, and other collaborative capabilities. Instructors have additional access to Zoom Cloud for recordings up to 365 days.  Undergraduate students do not have access to record to Zoom Cloud.  An Instructor/teaching assistant can host meetings with unlimited minutes for up to 300 participants.

 

""  Getting Started:

Login to the University of Toronto Zoom access portal – utoronto.zoom.us

  • Scenario I: University of Toronto Mississauga (UTM) Community Members

Members of the UTM community should continue to use the U of T Zoom Portal (https://utoronto.zoom.us) as they always have – there is no change for you.

  • Scenario II: Zoom Accounts Supplied by Departments/Divisions

We know that several departments and even some full divisions, such as OISE, Medicine, U of T Scarborough, etc. have paid for, supply, and/or manage Zoom accounts for their instructors and staff. If your Zoom account was given to you by your department, it is imperative that you do NOT access the U of T Zoom Portal without first checking with your local or divisional IT unit. If you are not sure, please contact your local or divisional IT unit first.

  • Scenario III: No Previous Zoom Account (or accounts not associated with a U of T email)

For individuals who have never had a Zoom account, or for individuals who have a Zoom account that is not associated with their U of T email address, simply go to the U of T Zoom Portal (https://utoronto.zoom.us), and log in with your UTORid and password, and claim your personal Zoom Education license.

  • Scenario IV: Existing Free Zoom Account using U of T email

For individuals who have a Free Zoom account that is associated with their U of T email address, and who wish to upgrade at no personal cost to a full Zoom Education account, simply go to the U of T Zoom Portal (https://utoronto.zoom.us), and log in with your UTORid and password, and claim your personal Zoom Education license. It will take about 24 to 48 hours to transfer your existing Free Zoom account to our provisional Zoom Education Licenses.

 

""   Get Help:

UTM ITS Zoom Index of Knowledge Base articles (requires UTORid and password):
https://uoft.service-now.com/utm_iits?id=kb_article&sysparm_article=KB 0011068 External Link icon

Academic, Research & Collaborative Technologies (ARC) Zoom information (details on account creation, zoom licence scenarios):
https://act.utoronto.ca/zoom-information/ External Link icon

U of T Faculty of Applied Science & Engineering (FASE) Documentation on Zoom:
https://ito-engineering.screenstepslive.com/s/ito_fase/m/95272  External Link icon

Academic, Research & Collaborative Technologies (ARC) Enterprise Video-conferencing & Video Meeting Resources:
https://act.utoronto.ca/enterprise-video-conferencing-video-meeting-resources/ External Link icon

 

Time & Attendance (UTime)

"" Overview and Key Features:

UTime is the University of Toronto’s time and attendance solution. This system, formally known as UKG’s Pro Workforce Management, offers a seamless user experience along with robust timekeeping, advanced scheduling and reporting. UTime supports administrative operations by optimizing, automating and streamlining business processes, ensuring more efficient workforce management across the university.

This service utilizes your UTORid credentials. For more information on UTORid, please refer to: https://www.utorid.utoronto.ca/

This new time management solution provides:

  • Mobile-friendly user interface and navigation, providing easy access to frequently used actions.
  • Robust dataviews and reporting, providing standard user-friendly insights that enhance transparency and tracking.
  • Automated notifications that simplify timecard approvals and tracking employee hours.

  • Enhanced alignment with U of T’s payroll system for improved information delivery and data accuracy.

  • Streamlined and simplified processes for managing, tracking and reporting on employees with multiple assignments.

""  Getting Started:

Visit the UTime Support Centre for more information, including useful links and FAQs.

Interested in onboarding to UTime? Learn more about next steps.

""   Get Help:

For additional FAQs and information for payroll administrators, managers and employees, visit the Enterprise Service Centre (ESC)

  • User Documentation:
  1. Payroll Administrators (secure access)
  2. Managers
  3. Employees

Web Hosting Services

""   Overview and Key Features:

This resource is available for academic and administrative use. This website design service is offered by ARC for all academic and administrative units and departments.  Cost depends on the size and scope of the website. Design and development work is provided on a case-by-case basis.

 

Help - Free computer icons    Getting Started:

The creation process is relatively simple:

  1. Decide on a domain name, one that ends with ‘utoronto.ca’
  2. Request approval of the domain name by reaching out to

webservices@utoronto.ca

  1. We’ll create a temporary website for you (we call these “staging” sites), so you can get started on content right away
  2. Login, add content, change theme and design

When everything looks good, we’ll finalize the launch.

 

Question mark - Free communications icons   Get Help:

Please feel free to contact us at webservices@utoronto.ca

VPN and Secure Remote Access

""   Overview and Key Features:

Members of the University community must secure their access to sensitive systems and protect themselves when connecting from remote locations, such as while traveling or working from home. Virtual Private Networks (VPNs) allow a user to route their computer’s internet traffic through a specific network while not directly connected to it. U of T offers two VPN tools for different purposes:

  • UTORvpn: A general remote access VPN that protects connections and allows users to connect to the campus wireless network remotely.
  • AdminVPN: Allows the owners of administrative and academic systems, as well as department administrators, to enforce strong authentication and secure connections.

   

Help - Free computer icons   Getting started

  1. Download Cisco Secure Client (for desktop) or the Cisco Secure Client app (for Android/iOS). Cisco Secure Client was previously known as “Cisco AnyConnect Secure Mobility Client”.
  • Installation instructions for Secure Client can be found below.
  1. Open Cisco Secure Client.
  2. From the dropdown menu, enter or select “general.vpn.utoronto.ca” and click Connect.
  3. An authentication window will open. Enter your UTORid and password, then cick OK.
  4. Your computer will notify you that it is now connected to UTORvpn.

For detailed connection walkthroughs, see the Enterprise Service Centre (ESC) Knowledge Base:

 

Installing the VPN client

You must have an administrator account to install Cisco Secure Client on desktop. If you are using a U of T-managed workstation, contact your local IT help desk to have them install the software for you.

Installing on Windows

  1. Navigate to your Downloads folder and run the Cisco Secure Client .msi
  2. Agree to the licence agreement and the installation will complete.

Installing on Mac

  1. Navigate to your Downloads folder
  2. Double-click on the Cisco Secure Client .pkg file to start the installer.
  3. Click Continue and accept the license agreement.
  4. Uncheck all modules except VPN. Click Continue.

 

Installing on Linux (Ubuntu)

  1. Navigate to your Downloads folder and extract the Cisco Secure Client gz file to a directory.
  2. Navigate to the VPN directory under the extracted directory. Right-click and choose Open In Terminal.
  3. Run the command: sudo bash vpn_install.sh. Enter your password when prompted.
  4. Agree to the license agreement and the installation will complete.

 

Voice Communication Services

""   Overview and Key Features:

VoIP stands for Voice over Internet Protocol. It is a technology that allows you to make voice calls using a network connection instead of a regular (analog) phone line. VoIP converts your voice into a digital signal for transmission. VoIP services are provided by the Telecommunications (Telecom) team in Enterprise Infrastructure Solutions (EIS) in Information Technology Services (ITS).

Services:

  • Microsoft Teams Phone as the University’s main VoIP solution for making and receiving phone calls.

Features:

  • Teleconference and videoconference calls
  • Access to voice messages via email
  • Ability to use computer with a headset instead of a physical phone

   

Help - Free computer icons   Getting Started:

   

Question mark - Free communications icons   Get Help:

  • To move, add, change or delete something for Teams Phone: Get Help (where does this linked to?)
  • For help with a VoIP , contact voipsupport@utoronto.ca or call 416-978-VOIP (8647)
  • VoIP FAQ

Secure File Transfer Service (UTsend)

Product overview - Free business icons   Overview and Key Features:

UTsend is a secure file transfer service used for sharing content with internal or external users. All files are encrypted, authenticated, and virus-scanned.

U of T faculty, librarians, and staff can upload files and send file request links through UTsend. Email (e.g., Microsoft Outlook) may be used for general communication but it is not encrypted and should not be used for sharing or storing L4 data. Recipients will receive UTsend notifications via email but all file transfers will occur through the UTsend website.

   

Help - Free computer icons   Getting Started:

UTsend can be accessed using your UTORID at: https://send.utoronto.ca/

You can send a file to someone via UTsend by “dropping off” that file into the application. Downloading a file that someone else has sent to you is referred to as a file “pick up”.

UTsend hosts files for 14 days so this service is not suitable for long-term storage. Please keep a downloaded copy of any files transmitted via UTsend in another appropriate location for your own records.

 

Question mark - Free communications icons   Get Help:

For assistance with UTsend, open a ticket on the Enterprise Service Centre