The University of Toronto Information Security strategy sets the mission, vision, goals, objectives, and outcomes that will drive the information security priorities for the University of Toronto over the next four years. It aims to enrich and support the University’s academic mission by enabling scholars, researchers, academics, and staff.

The strategy was developed through a community-driven approach. This involved extensive consultation with academic and administrative units and incorporates the voices of several community members. It was also influenced and shaped by the IT@UofT strategy and the NIST Cyber Security Framework, along with results of internal and external security assessments, reality of the security threat landscape, and advice from security experts.

By setting a shared direction for information security at the University, the strategy empowers units to identify their priorities, define and execute operational plans, and measure progress over the next four years.

Our mission and vision


Enable world-class teaching, learning, and research through information security leadership and services that empower people, adapt to risk, and respond to the diverse needs of the university community.

Vision statement

Secure Together.

Secure Together at U of T logo

Message from the Office of the CISO

The world is rapidly becoming a digital-first experience. At the University this is reflected in our hybrid learning environments, course registration processes, real-time research collaboration across the world, and use of data to drive effective evidence-based decision making.

Information and technology are at the core of almost everything we do today. It is therefore essential that we enable resilient ecosystems that ensure the security and safety of our people, data, and systems, wherever they are.

Our vision is to work together, each of us doing our small part to help secure our ecosystem, so we can focus on what matters most: our learners, our scholars, our staff, and the communities we are in.

Our systems and workflows must not only meet discipline-specific needs but also have security and privacy embedded into their design. This, coupled with the influence of those who are best informed to make the right decisions, is how we will enable transformative education, innovative research, and the University’s Three Priorities.

We truly are Secure Together.

Objectives and outcomes

  1. Secure University digital transformation
    1. Seamless access to the digital university enabled through a single identity
    2. Appropriate protections for our people, data, and systems regardless of location
    3. Innovative approaches to securing the next generation of digital solutions
    4. Information Security regarded as an enabler of digital transformation and the University mission
  2. Trustworthy teaching, learning, and research
    1. An information security-aware culture
    2. Accelerated adoption of privacy-conscious edtech solutions
    3. Seamless information security support across the entire research lifecycle
    4. Alignment with University data governance strategic outcomes
  3. Resiliency through effective risk management
    1. Risk management programs adopted by units and reviewed by the Information Security Council
    2. Cyber incidents prevented or detected and responded to in a timely manner
    3. Managed supply chain risk
    4. Common framework to address regulatory and compliance obligations
  4. Excellence through collaboration
    1. Normalized collaboration on cybersecurity across the University
    2. Increased use of secure shared platforms, capabilities, and methodologies
    3. Experiential learning and career growth opportunities for students, faculty, and staff
    4. Strong sector partnership on shared opportunities and challenges

Our strategic goals

  • 1
  • 2
    Uphold privacy, openness, and free inquiry
  • 3
    Deliver a world-class, exemplary information security program
Staff, faculty and librarians at the University of Toronto St. George Campus

Guiding principles

  • We celebrate diversity and create an inclusive environment
  • We collaborate to build effective solutions
  • We make iterative improvements that promote cultural change
  • We deliver foundational services that are sustainable and can be re-used
  • We empower and enable people to make informed choices
  • We balance risk mitigations with privacy and academic freedom
  • We have a bias for action to mitigate key security risks
  • We stay informed and actively seek feedback to always improve

Overview of Security at U of T

Overview of Security at U of T diagram

Elements of the Security Program:

  • Identify outcomes and risks
  • Protect against security threats
  • Detect security issues as quickly as possible
  • Respond timely to limit impact
  • Recover and get back to teaching & research

What matters most:

  • People
  • Data
  • Systems

Our goals:

  • Enable the mission of the University
  • Uphold privacy, openness, and free inquiry
  • Deliver a world-class, exemplary information security program

Our objectives:

  • Secure University digital transformation
  • Trustworthy teaching, learning, and research
  • Resiliency through effective risk management
  • Excellence through collaboration

Initiatives for a world-class program

  • Adaptive network security

  • Advanced Threat Protection (O365 ATP)
  • Endpoint protection – “next generation” anti-virus

  • Identity modernization

  • Multi-factor authentication (MFA)

  • Research information security program

  • Security awareness and training

  • Security program enhancement and resiliency

  • Timely detection and response

  • Vulnerability management

Office of the CISO focus areas for 2023-24

Annual reports

Information Security: Secure Together - Annual Report, May 2022 to April 2023

May 2022 – April 2023

This annual progress report highlights the risk and achievements of the University of Toronto’s tri-campus information security program for the 2022 – 2023 fiscal year.


Staff using a computer

Strategy resource hub

The Office of the CISO has created tools and guidance to enable units to drive their discipline-specific priorities within the constructs of the strategy. Learn about what’s coming up, the resources available to you and how you can support adoption of the strategy.