These resources are provided for anyone who is interested in general information risk and cybersecurity topics. This is a living document, so if you have a great resource you would like to share, please contact the IRSA Team.
|General||Vulnerability Lists & Databases|
|Frameworks and Organizations||Sites, Blogs and Communities|
|Other Assessment Tools||Podcasts|
|Training and Certifications|
For guidance on how these apply in the University of Toronto context, please contact the U of T FIPP Office.
Information Privacy Commissioner of Ontario
Freedom of Information and Protection of Privacy Act (FIPPA)
Personal Health Information Privacy Act (PHIPA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
General Data Protection Regulation (GDPR)
Frameworks and Organizations
National Institute of Standards and Technology – Cybersecurity
Centre for Internet Security
CIS has a framework of controls and have mapped them to the NIST Cybersecurity Framework. CIS also publishes detailed secure configuration settings for a wide variety of operating systems, network devices, application platforms, and other components of the IT infrastructure.
International Standards Organization (ISO) Information Security and Risk Management Standards
- ISO 27001 – Information security management
- ISO31000 – Risk Management guidelines
Full text of ISO standards are available to U of T students, staff and faculty through the U of T Library.
Canadian Centre for Cybersecurity
Educause – Cybersecurity
Cloud Security Alliance
Open Web Application Security Project (OWASP)
Other Assessment Tools
Higher Education Cloud Vendor Assessment Tool (HECVAT)
Cloud Controls Matrix
CIS Controls Self-Assessment Tool
Vulnerability Lists and Databases
OWASP Top 10 – https://owasp.org/www-project-top-ten/
SANS Top 25 – https://www.sans.org/top25-software-errors/
Common Vulnerabilities and Exposures (CVE) Database – https://cve.mitre.org/
Common Weakness Enumeration (CWE) Database – https://cwe.mitre.org/
Common Vulnerability Scoring System (CVSS) – https://www.first.org/cvss/
Verizon Data Breach Report – https://enterprise.verizon.com/resources/reports/dbir/
SANS Reading Room – https://www.sans.org/reading-room/
Training and Certifications
U of T School of Continuing Studies
UofT SCS offers a number of programs and courses on Information Security Topics
These two courses provide a good overview of Information Security topics:
- Understanding NIST Cybersecurity Framework
- Cybersecurity for small and medium businesses
Sites, Blogs and Communities
- https://task.to – Toronto Area Security Klatch. Monthly meetings include talks on cybersecurity topics, all who are interested are welcome.
- https://haveibeenpwned.com/ – Check if you have an account that has been compromised in a data breach.
- https://taosecurity.blogspot.com/ – Nov. 16, 2019 post has a good discussion around risk strategies.
- EDUCAUSE Security Community Group Listserv – https://www.educause.edu/community/security-community-group
- Down the Security Rabbit Hole – http://podcast.wh1t3rabbit.net/
- Darknet Diaries – https://darknetdiaries.com/
- Risky Business – https://risky.biz/
- SANS ISC Stormcast – https://isc.sans.edu/podcast.html