Incident response planning
Purpose
Preparatory activities, including documenting, training, and testing, are essential to identifying, containing, eradicating, and recovering from a security incident. It is important to act as if you a preparing for when an incident will occur, rather then if. Taking a proactive approach will help you return to normal activities as soon as possible.
Audience
researchers Admin staff IT staff
On this page
Initial considerations
Departmental and divisional incident response plans.
Contact your local IT group about your department or division’s incident response plan. Ask how your team can or does fit into it.
Follow security best practices.
Preventing an incident is always preferable to recovering from an incident. Enacting the following best practices can reduce the risk of an incident significantly.
What can I do?
Review and adopt the University incident response plan or use it to create your own.
Every employee at the University should be familiar with the incident response process and able to escalate incidents to their academic, administrative, or technical leadership teams, should an incident arise.
Report suspected incidents.
If you suspect a security event or incident is taking place or has occurred, report it.
Search
Additional help
General
Contact us | Information Security (IS)
Contact us | Information Technology (IT)
Researchers
Research Information Security - Information Security at University of Toronto
Related articles
Â