Incident response planning

Purpose

Preparatory activities, including documenting, training, and testing, are essential to identifying, containing, eradicating, and recovering from a security incident. It is important to act as if you a preparing for when an incident will occur, rather then if. Taking a proactive approach will help you return to normal activities as soon as possible.

Audience

RESEARCHERS ADMIN STAFF IT STAFF

Initial considerations

Departmental and divisional incident response plans.

Contact your local IT group about your department or division’s incident response plan. Ask how your team can or does fit into it.
- https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%96%A5%EF%B8%8F-Information-Technology-(IT)

Follow security best practices.

Preventing an incident is always preferable to recovering from an incident. Enacting the following best practices can reduce the risk of an incident significantly.
- Best practices to secure systems and environments

What can I do?

Review and adopt the University incident response plan or use it to create your own.

Every employee at the University should be familiar with the incident response process and able to escalate incidents to their academic, administrative, or technical leadership teams, should an incident arise.
- https://security.utoronto.ca/framework/standards/incident-security-response-plan/

Report suspected incidents.

If you suspect a security event or incident is taking place or has occurred, report it.
- Report a security event or incident

Search

Additional help

General

https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%9B%A1%EF%B8%8F-Information-Security-(IS)

https://uoft-infosec-cf.atlassian.net/wiki/spaces/ISH/pages/4948958/Additional+help#%F0%9F%96%A5%EF%B8%8F-Information-Technology-(IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/