Information security incident response is a vital component of effective information and cyber risk management. The Incident Response Plan provides guidance for managing incident response with the primary objective to contain and mitigate the impact of computer security incidents. It also outlines the high-level process and requirements for responding to and resolving security incidents, such as:

• Phishing attacks
• Malware and viruses
• Denial of resources or services
• Unauthorized access or attempts to gain unauthorized access
• Inappropriate use of network resources
• Data breaches
• Changes to system hardware, firmware or software without owner’s knowledge
• Any other unlawful activity involving computer networks and processing equipment

The primary audience for this plan includes all information technology managers, IT and non-IT unit leaders, and all other employees at the University who will be involved in responding to a security incident.

• If you are an IT professional at U of T, review the plan to become familiar with the incident response process.
• Use the plan as a template to build the incident response plan for your department/unit – the plan is not meant to be used as is. However, incident severity and notification to Information Security need to be followed as written.
• Ensure that the plan you create is specific to your department/unit.