The Security Awareness and Training Program (SATP) aims to build a culture of security at the University by equipping our community with knowledge, practices and technologies needed to protect themselves and U of T against information security threats.

1. Provide fundamental security awareness: Provide periodic fundamental security training to all staff, librarians, faculty and students and run periodic phishing simulations
2. Provide role-based security training: Offer targeted security training to individuals based on their roles (e.g., application developers, IT admins, researchers etc.)
3. Develop security skills: Provide opportunities to develop security skillset for IT staff

• We foster an environment of positive learning
• We offer security awareness & training on a risk-based approach
• We leverage a culture of collaboration to iterate and continuously improve

During our consultation with the wider University community over the summer and fall of 2022, many stakeholders expressed a strong interest in prioritizing a security awareness and training initiative. They desired that this be implemented as soon as possible.

The commonly understood value of having a security awareness and training program is to address the many human-related factors that are a source of security risk. Because there are no one-stop technological solutions to address cyber security threats, it is essential to have people be part of the solution when it comes to securing our University. Preserving the reputation of our University is essential, and this cannot be achieved without protecting all non-public information from loss and unintentional disclosure.

It is also part of U of T’s security standards to have security awareness and training. For more information, refer to the U of T Information and Security Standard.

The SATP consists of multiple projects such as the Security Awareness and Training – Foundations (SATF) project.