CNS Navigation Bar

Best Practices

Back to UTORProtect Page

All computer security incidents should be reported to Computer Security Administration. This enables Computer Security Administration to monitor and investigate computer security incidents involving University computers and users. Computer Security Administration is able to draw upon other resources within Computing & Networking Services to protect University networks and systems in order to minimize disruption of services caused by such incidents.

In an emergency you can reach us by calling the Security Hotline at 416-978-1354.

Computer Security Administration also keeps tracks of the number and type of security incidents in order to provide regular reports to senior management on the state of University networks.

What sort of incidents should be reported?
To whom should incidents be reported?
Incident Response/Tracking Procedure

What sort of incidents should be reported?

  • Hacking attacks
  • Unauthorized access and use of computing resources
  • Harassment and threats using e-mail
  • Denial of Service attacks
  • Malicious code (Viruses, worms, etc.)

To whom should incidents be reported?

Generally speaking, incidents should be reported through your SYstem/Network Administrator). If you do not have an Administrator or know who your Administrator is, you may contact Computer Security Administration directly by sending e-mail to

If the incident is serious and will cause serious disruption/damage to your network or operation please submit your report to This account is monitored 7x24.

How should incidents be reported?

In order to ensure that Computer Security Administration is able to investigate incidents, it is critical that any system logs (in case of hacking attacks or unauthorized access) and e-mail headers (in case of incidents involving the use of e-mail) are saved.

Detailed logs should include information such as date and time of attack, IP numbers, protocols used, etc.

Since the forging of e-mail addressed is quite easy to do, it is important that e-mail headers are forwarded to Computer Security Administration in order to enable them to identify the origin of an e-mail message. If you are using MS Outlook or Outlook Express, you can view and copy the e-mail headers of a message as follows:

  • Open the message and click on View
  • Choose Options from the drop-down menu
  • The system will open a window which include the Internet headers
  • Highlight the headers using your mouse and then right click and Copy the headers

Incident Response/Tracking Procedure

  • Report sent to or (during non-business hours only).
  • The report is recorded i our tracking system and assigned a unique Security Incident Tracking (SIT) number.
  • The report is acknowledged.
  • If necessary, the individual submitting the incident report is asked to forward logs, e-mail headers, or other information necessary to assist the University ino investigating the incident.
  • The incident is assigned to an individual within Computing & Networking Services for investigation.
  • The System/Network Administrator responsible for the system from which the incident originated is contacted and asked to investigate.
  • The System/Network Administrator investigating the incident reports his/her findings and actions taken to Computing & Networking Services.
  • If necessary, the incident is escalated to management for further action (such as authorizing the suspension of network connections, user accounts, etc. as necessary to minimize the effect of the incident on the rest of the University community or outside resources.
  • Once the incident is resolved, the individual who submitted the report is notified and informed on how the status of the incident report.


All contents copyright University of Toronto 2000-2003
This Site is maintained by the Computer Security Administration Group
Comments & Questions