These resources are provided for anyone who is interested in general information risk and cybersecurity topics. This is a living document, so if you have a great resource you would like to share, please contact the IRSA Team.
General
U of T Security Matters Website
Freedom of Information and Protection of Privacy Office (FIPP Office)
U of T Policies related to Information Security
Privacy Legislation
For guidance on how these apply in the University of Toronto context, please contact the U of T FIPP Office.
Information Privacy Commissioner of Ontario
Freedom of Information and Protection of Privacy Act (FIPPA)
Personal Health Information Privacy Act (PHIPA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
General Data Protection Regulation (GDPR)
Frameworks and Organizations
National Institute of Standards and Technology – Cybersecurity
https://www.nist.gov/topics/cybersecurity
Centre for Internet Security
https://www.cisecurity.org
CIS has a framework of controls and has mapped them to the NIST Cybersecurity Framework. CIS also publishes detailed secure configuration settings for a wide variety of operating systems, network devices, application platforms, and other components of the IT infrastructure.
International Standards Organization (ISO) Information Security and Risk Management Standards
- ISO 27001 – Information security management
- ISO 31000 – Risk management guidelines
The full text of ISO standards is available to U of T students, staff and faculty through the U of T Library.
https://guides.library.utoronto.ca/StandardsCodes
Canadian Centre for Cybersecurity
https://cyber.gc.ca/en/
Educause – Cybersecurity
https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program
Cloud Security Alliance
https://cloudsecurityalliance.org/
Open Web Application Security Project (OWASP)
https://owasp.org/
MITRE ATT&CK
https://attack.mitre.org/
Other Assessment Tools
Higher Education Community Vendor Assessment Tool (HECVAT)
https://library.educause.edu/resources/2016/10/higher-education-community-vendor-assessment-toolkit
https://www.ren-isac.net/public-resources/hecvat.html
Cloud Controls Matrix
https://cloudsecurityalliance.org/research/cloud-controls-matrix/
CIS Controls Self-Assessment Tool
https://www.cisecurity.org/blog/cis-csat-free-tool-assessing-implementation-of-cis-controls/
Vulnerability Lists and Databases
OWASP Top 10 – https://owasp.org/www-project-top-ten/
SANS Top 25 – https://www.sans.org/top25-software-errors/
Common Vulnerabilities and Exposures (CVE) Database – https://cve.mitre.org/
Common Weakness Enumeration (CWE) Database – https://cwe.mitre.org/
Common Vulnerability Scoring System (CVSS) – https://www.first.org/cvss/
Research
Verizon Data Breach Report – https://enterprise.verizon.com/resources/reports/dbir/
SANS Reading Room – https://www.sans.org/reading-room/
Training and Certifications
U of T School of Continuing Studies
https://learn.utoronto.ca
U of T SCS offers a number of programs and courses on information security topics.
LinkedIn Learning
https://onesearch.library.utoronto.ca/linkit/lyndacom-online-courses
These two courses provide a good overview of Information Security topics:
- Understanding NIST Cybersecurity Framework
- Cybersecurity for small and medium businesses
SANS Institute
https://www.sans.org
ISACA
https://www.isaca.org/
Sites, Blogs and Communities
- https://task.to – Toronto Area Security Klatch. Monthly meetings include talks on cybersecurity topics; all who are interested are welcome.
- https://haveibeenpwned.com/ – Check if you have an account that has been compromised in a data breach.
- https://www.sans.org/security-resources/
- https://www.cisecurity.org/resources/?type=post
- https://www.schneier.com/
- https://krebsonsecurity.com/
- https://taosecurity.blogspot.com/ – The Nov. 16, 2019 post has a good discussion of risk strategies.
- https://medium.com/topic/cybersecurity
- EDUCAUSE Security Community Group Listserv – https://www.educause.edu/community/security-community-group
- https://www.reddit.com/r/NISTControls/
Podcasts
- Down the Security Rabbit Hole – http://podcast.wh1t3rabbit.net/
- Darknet Diaries – https://darknetdiaries.com/
- Risky Business – https://risky.biz/
- SANS ISC Stormcast – https://isc.sans.edu/podcast.html