Minimum Cybersecurity Controls

Over the past decade, Canada's postsecondary education sector has experienced a dramatic increase in the volume and impact of cyber attacks targeting academic institutions. Successful attacks against universities have shown that traditional anti-virus and blocking techniques are not enough to protect university information and systems.
To respond to the increased risk of attacks, combined with new cybersecurity risks associated with hybrid work, TMU's executive has mandated a set of minimum cybersecurity controls to be universally implemented in the following three areas:
- Remote access to campus and cloud services
- Improved security of TMU servers
- Improved security of end-user devices
These are only a minimum set of controls. All TMU employees, including researchers, employees handling sensitive information, and instructors, should be aware of TMU's cybersecurity policies and implement additional controls and processes to protect themselves and the sensitive information they access. For more information on cybersecurity at TMU, please visit torontomu.ca/cybersecurity.
Remote access to TMU Campus and Cloud Services
All remote logins to TMU technology resources require that community members have two-factor authentication (2FA) enabled.
TMU Servers
The following requirements apply to servers regardless of whether they are hosted on campus or remotely:
- All servers must be configured and regularly maintained to enhance server security. Once discovered, vulnerabilities must be eliminated promptly. If they cannot be eliminated via patching or other means, mitigation strategies must be developed and put in place.
- Anti-malware and Endpoint Detection and Response software approved by TMU's Chief Information Security Officer (CISO) must be installed on all TMU servers that access, process, or store sensitive information as defined in TMU's Information Classification Standard and Handling Guidelines.
- Vulnerability scanning software must be installed on all TMU servers as part of a comprehensive vulnerability management process.
End-User Devices
These requirements apply to all TMU employees:
- Anti-malware and Endpoint Detection and Response software approved by TMU's CISO must be installed on all TMU-owned or operated end-user devices (computers and mobile devices) that access, process, or store sensitive information as defined in TMU's Information Classification Standard and Handling Guidelines.
- Encryption must be enabled on all TMU and personally owned end-user devices accessing sensitive data on TMU's systems and services.
- Current anti-malware software must be installed and regularly updated on all personally owned end-user devices used for accessing TMU systems and information.
In some cases, effective anti-malware solutions may not be available for popular mobile devices. In that case, please minimize as much as possible the use of these devices to access sensitive TMU information.
Limitations and Exceptions
All exceptions to the implementation of the security requirements listed here must be approved by TMU's CISO. All exceptions must provide sufficient evidence to demonstrate an acceptable level of risk before an exception can be made.
Assistance and available services that may help
Computing and Communications Services (CCS) provides support and services that may assist you in complying with the minimum security controls.
Remote access to campus and cloud services
VPN services - CCS offers both an employee and student VPN service. For more information please contact: Wura Bamgbose at ciso@torontomu.ca.
CAS single-sign-on service - please contact: Clara Guo at cguo@torontomu.ca.
CCS operates firewall services that include a remote access management component that forces web logins via CAS before a connection can be made to a web server. For more information on this service, please contact: help@torontomu.ca.
Improved security of TMU servers
Vulnerability scanning and management service - please contact: Wura Bamgbose at ciso@torontomu.ca.
Improved security of end-user devices
Information about downloading security software, including anti-malware software, for TMU-owned computers is available on the Security Software page.
The same page has information regarding freely available security software for personally owned devices.
Information on encrypting your devices is available at:
For assistance in other areas please contact the CCS Help Desk at help@torontomu.ca.
Definitions
- CISO: Chief Information Security Officer.
- Encryption: a process available on computers, mobile phones and other devices which is implemented to protect confidential data from being accessed by unauthorized people in case your device is ever hacked, lost, stolen or replaced.
- Malware: software that is specifically designed to disrupt, damage or gain unauthorized access to an individual's computer and/or personal device.
- VPN, or Virtual Private Network, at TMU provides secure access to campus networks from the Internet and allows people to work with on-campus resources as though they are present on campus.
- Remote logins are when a person logs into a TMU-hosted system from a network outside TMU's campus network or when anyone logs into any cloud-hosted system.
- End-user devices are devices, such as desktop and laptop computers and mobile devices like tablets and smartphones, that are physically accessed by individuals as opposed to servers which only provide network accessible services.
- Anti-malware and endpoint detection and response software both protects end-user devices from having malicious software installed or executed on a device and detects and reports attempts to compromise the device. It goes beyond traditional pattern-matching antivirus software in its ability to detect malicious software using static analysis, AI, and other methods.
References
The minimum security controls are consistent with TMU's existing cybersecurity policies and standards. In particular, please see the:
- Information Classification Standard and Handling Guidelines
- Network and Server Security Management Policy
- Privacy and Access to Information Policy
- Acceptable Use of Information Technology
Other relevant policies may be found on the University Administrative Policies site.
Please visit the how to set up minimum cybersecurity controls for employees page for assistance implementing cybersecurity controls.