These resources are provided for anyone who is interested in general information risk and cybersecurity topics. This is a living document, so if you have a great resource you would like to share, please contact the IRSA Team.

  • General
  • Privacy Legislation
  • Frameworks and Organizations
  • Other Assessment Tools
  • Training and Certifications
  • Vulnerability Lists & Databases
  • Research
  • Sites, Blogs and Communities
  • Podcasts


U of T Security Matters Website
Freedom of Information and Protection of Privacy Office (FIPP Office)
U of T Policies related to Information Security

Privacy Legislation

For guidance on how these apply in the University of Toronto context, please contact the U of T FIPP Office.

Information Privacy Commissioner of Ontario
Freedom of Information and Protection of Privacy Act (FIPPA)
Personal Health Information Privacy Act (PHIPA)
Personal Information Protection and Electronic Documents Act (PIPEDA)
General Data Protection Regulation (GDPR)

Frameworks and Organizations

National Institute of Standards and Technology – Cybersecurity

Center for Internet Security

CIS has a framework of controls and has mapped them to the NIST Cybersecurity Framework. CIS also publishes detailed secure configuration settings for a wide variety of operating systems, network devices, application platforms, and other components of the IT infrastructure.

International Standards Organization (ISO) Information Security and Risk Management Standards

  • ISO 27001 – Information security management
  • ISO 31000 – Risk Management guidelines

The full text of ISO standards is available to U of T students, staff and faculty through the U of T Library.

Canadian Centre for Cybersecurity

Educause – Cybersecurity

Cloud Security Alliance

Open Web Application Security Project (OWASP)

MITRE ATT&CK

Other Assessment Tools

Higher Education Community Vendor Assessment Tool (HECVAT)

Cloud Controls Matrix

CIS Controls Self-Assessment Tool

Vulnerability Lists and Databases

OWASP Top 10

SANS Top 25

Common Vulnerabilities and Exposures (CVE) Database

Common Weakness Enumeration (CWE) Database

Common Vulnerability Scoring System (CVSS)


Verizon Data Breach Report

SANS Reading Room

Training and Certifications

U of T School of Continuing Studies

U of T SCS offers a number of programs and courses on information security topics.

LinkedIn Learning

These two courses provide a good overview of Information Security topics:

  • Understanding NIST Cybersecurity Framework
  • Cybersecurity for small and medium businesses

SANS Institute



Sites, Blogs and Communities