Skip to content
You are using an unsupported browser. For best results please use the latest versions of Chrome, Edge, Firefox or Safari.

ISC Incident Response Planning Working Group

Terms of reference

Purpose

The purpose of the working group is to develop a set of recommendations as outlined in our mandate below and bring them forth to the Information Security Council (ISC).

Mandate

  1. Review the existing Incident Response Plan on a regular basis.
  2. Review current tools and capabilities – ability to prevent, detect, investigate and respond to an incident.
  3. Engage the Crisis Management team to ensure alignment.
  4. Ensure alignment with Business Continuity, Disaster Recovery and Availability Planning.
  5. Engage with an external consultant to review and provide guidance of our Incident Response Plan.
  6. Ensure there is a section on crisis communications, including review of legal requirements (external consultation).
  7. Evaluate cyber insurance and the alternative for retaining specific skills needed in event of a significant incident.
  8. Develop a program around a table top exercise(s) and walk-through drill/simulation test (external vendor).
  9. Provide input into the information security awareness program.
  10. Conduct post-hoc reviews of measures taken in response to digital emergencies and/or breaches concerning digital assets and their remediation, and based on these, make recommendations for future responses (determine root cause and document lessons learned).

Process

The working group will seek input from key stakeholders and other interested parties (i.e. faculties and divisions, crisis management team, communications team, central and divisional IT units). Its findings will be documented in the form of an interim report and a final report and will be presented to the ISC.

Timing

  1. Initial meetings and consultations: TBD
  2. Interim report submitted to the Information Security Council: TBD
  3. Final report submitted to the Information Security Council: TBD

Membership

Name
Division/Department
Kalyani Khati (co-chair) Associate Director, Information Security Strategic Initiatives, Information Technology Services
Sotira Chrisanthidis (co-chair) Divisional IT Director, Information & Instructional Technology, Faculty of Arts & Science
Anthony Betts Director, Information & Instructional Technology Services, UTM
Vandana Bhamidi Senior Auditor, Internal Audit
Rafael Eskenazi Director, Freedom of Information and Protection of Privacy Office
Humberto Ferreira Executive Director, Information Management, Division of University Advancement
Deyves Fonseca Associate Director for Operations, Information Security, ITS
Patrick Hopewell Director, Enterprise Information Solutions, ITS
Elias Karamitsos Service Delivery Lead, Information & Instructional Technology Services, UTSC
John Kerr Director, Risk Management and Insurance, Finance
Alex Matos Director, Internal Audit
Priya Murugaiah Senior Manager, Client Services, Faculty of Arts & Science
Byron Qu Director, Information & Learning Technology, The Leslie Dan Faculty of Pharmacy
Amaz Taufique Manager, Enterprise Infrastructure and Staff Technology
Alex Tichine Director, Information Technology, Faculty of Applied Science and Engineering
Andrew Wagg Manager, Incident Response, Information Security, ITS