These resources are provided for anyone who is interested in general information risk and cybersecurity topics. This is a living document, so if you have a great resource you would like to share, please contact the IRSA Team.

  • General
  • Privacy Legislation
  • Frameworks and Organizations
  • Other Assessment Tools
  • Vulnerability Lists & Databases
  • Research
  • Training and Certifications
  • Sites, Blogs and Communities
  • Podcasts

General

U of T Security Matters Website
Freedom of Information and Protection of Privacy Office (FIPP Office)
U of T Policies related to Information Security

Privacy Legislation

For guidance on how these apply in the University of Toronto context, please contact the U of T FIPP Office.

Information Privacy Commissioner of Ontario
Freedom of Information and Protection of Privacy Act (FIPPA)
Personal Health Information Privacy Act (PHIPA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
General Data Protection Regulation (GDPR)

Frameworks and Organizations

National Institute of Standards and Technology – Cybersecurity
https://www.nist.gov/topics/cybersecurity

Center for Internet Security
https://www.cisecurity.org

CIS maintains a framework of controls and has mapped them to the NIST Cybersecurity Framework. CIS also publishes detailed secure configuration settings for a wide variety of operating systems, network devices, application platforms, and other components of the IT infrastructure.

International Standards Organization (ISO) Information Security and Risk Management Standards

  • ISO 27001 – Information security management
  • ISO 31000 – Risk management guidelines

The full text of ISO standards is available to U of T students, staff and faculty through the U of T Library.

https://guides.library.utoronto.ca/StandardsCodes

Canadian Centre for Cyber Security
https://cyber.gc.ca/en/

Educause – Cybersecurity
https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program

Cloud Security Alliance
https://cloudsecurityalliance.org/

Open Web Application Security Project (OWASP)
https://owasp.org/

MITRE ATT&CK
https://attack.mitre.org/

Other Assessment Tools

Higher Education Cloud Vendor Assessment Tool (HECVAT)
https://library.educause.edu/resources/2016/10/higher-education-community-vendor-assessment-toolkit
https://www.ren-isac.net/public-resources/hecvat.html

Cloud Controls Matrix
https://cloudsecurityalliance.org/research/cloud-controls-matrix/

CIS Controls Self-Assessment Tool
https://www.cisecurity.org/blog/cis-csat-free-tool-assessing-implementation-of-cis-controls/

Vulnerability Lists and Databases

OWASP Top 10 – https://owasp.org/www-project-top-ten/

SANS Top 25 – https://www.sans.org/top25-software-errors/

Common Vulnerabilities and Exposures (CVE) Database – https://cve.mitre.org/

Common Weakness Enumeration (CWE) Database – https://cwe.mitre.org/

Common Vulnerability Scoring System (CVSS) – https://www.first.org/cvss/

Research

Verizon Data Breach Report – https://enterprise.verizon.com/resources/reports/dbir/

SANS Reading Room – https://www.sans.org/reading-room/

Training and Certifications

U of T School of Continuing Studies
https://learn.utoronto.ca

U of T SCS offers a number of programs and courses on information security topics.

LinkedIn Learning
https://onesearch.library.utoronto.ca/linkit/lyndacom-online-courses

These two courses provide a good overview of Information Security topics:

  • Understanding NIST Cybersecurity Framework
  • Cybersecurity for small and medium businesses

SANS Institute
https://www.sans.org

ISACA
https://www.isaca.org/

ISC2
https://www.isc2.org/

Sites, Blogs and Communities

Podcasts