Information Security Services | Information Systems & Technology Annual Report

Fostering a culture of cyber awareness

ISS launched a successful campaign this past October, working to raise cybersecurity awareness across the University of Waterloo through a coordinated set of activities.

The campaign’s purpose was to increase IST Security’s visibility, foster a culture of cyber awareness, and connect everyday practices with protecting work, research, learning, and personal life. The campaign included weekly tips shared via storytelling, targeted information sessions, and the creation of a new cybersecurity newsletter to extend engagement beyond October.

By combining strong communication channels, practical tips, and audience-focused events, the campaign demonstrated that cybersecurity is not just a compliance requirement but an essential part of protecting our community.

Sign up for Waterloo’s Cyber Awareness Newsletter for practical tips to help avoid pitfalls, protect accounts, and keep data safe. Cybersecurity doesn’t stop after October.

Other 2025 accomplishments

Some of the other great work from the past year

Updates to incident response plan

Review and updates to the University's incident response continues, including the development of playbooks for response and implementation of new standards, and will be ready for publication in early 2026.

Responsible Use of AI Guidelines

ISS collaborated with other IST groups to develop guidance for responsible use of AI tools and AI-enabled systems. This guidance defines categories of tools from unreviewed to approved, and outlines how each may be responsibly used with University data. The guidance supports safe adoption and experimentation across multiple domains, and includes safeguards for security and privacy.

Upcoming 2026 initiatives

A look at what we'll be working on in 2026

Information security tabletop exercises

Information Security Services will partner with the Safety Office and our experienced Information Security contractor to take a proactive approach to training and testing our information security response procedures.

Information Risk Assessment (IRA) process review

This initiative will review and refine our approach to IRAs to create a transparent, consistent, and repeatable process that ensures resources are focused where they matter most. This foundational effort will drive smarter decision-making, strengthen governance, and lay the groundwork for future security standards, building a stronger framework for effective and efficient risk management.