Incident response planning

Purpose

Preparatory activities, including documenting, training, and testing, are essential to identifying, containing, eradicating, and recovering from a security incident. It is important to act as if you a preparing for when an incident will occur, rather then if. Taking a proactive approach will help you return to normal activities as soon as possible.

Audience

status:researchers status:Admin staff status:IT staff

On this page

Initial considerations

Departmental and divisional incident response plans.

• Contact your local IT group about your department or division’s incident response plan. Ask how your team can or does fit into it.

  • Contact us | Information Technology (IT)

Follow security best practices.

• Preventing an incident is always preferable to recovering from an incident. Enacting the following best practices can reduce the risk of an incident significantly.

  • Best practices to secure systems and environments

What can I do?

Review and adopt the University incident response plan or use it to create your own.

• Every employee at the University should be familiar with the incident response process and able to escalate incidents to their academic, administrative, or technical leadership teams, should an incident arise.

  • Information Security Incident Response Plan - Information Security at University of Toronto

Report suspected incidents.

• If you suspect a security event or incident is taking place or has occurred, report it.

  • Report a security event or incident

Search

Additional help

General

Contact us | Information Security (IS)

Contact us | Information Technology (IT)

Researchers

Research Information Security - Information Security at University of Toronto

Related articles