The academic and administrative work of the University increasingly relies on services supported by IT systems, including the presentation and preservation of sensitive information. The number and sophistication of threats against such critical resources is increasing, from independent hackers, organized criminal enterprises, corporate interests, and government agencies. Attacks on university data and systems have occurred in the past and can be expected to happen again.
It is the responsibility of the University to address these risks while maintaining appropriate access to services and information. The goal should be to reduce the profile vulnerable to malicious attack or operational error by reducing as much as possible the number of systems being used to conduct the university’s academic and administrative business, and then protect the remaining profile through the highest quality of information security technology, services and practice.
The final copy of the Policy has been significantly informed by consultation and input from the University community. The Office of the CIO has sought input from divisional and departmental liaisons and standing consultative groups like the IT Priorities & Accountability Committee, the Process & Technology Committee, and the IT Leaders Forum, as well as other channels. The Information Security and Enterprise Architecture team consulted across the University regarding the development of guidelines, standards and procedures to implement the policy requirements. Additional documents related to the initiative but not in the Policy are provided below:
If you have any questions, please contact ITS at its[at]utoronto.ca, or call the Office of the CIO at 416-978-8385.