Understanding Information Security Training

Overview

Pitt Information Technology has a robust array of centralized security measures and controls to protect the University’s network infrastructure and data, but we need your help! Everyone affiliated with Pitt has a shared responsibility to protect the University’s computing environment. Pitt IT wants to provide you with the knowledge and tools needed to protect yourself and the University from cyber threats.

Pitt IT is now offering a portfolio of security awareness resources to students, faculty, and staff to help introduce you to information security best practices and keep your cyber skills sharp. These online training courses are available from the highly regarded KnowBe4 Security Awareness Training library.

Security awareness training will help you better understand the cyber threats facing the University community and prepare you to identify those threats and protect yourself, your colleagues, and the University of Pittsburgh from cyberattacks.

ACCESS PITT IT INFORMATION SECURITY TRAINING >

Request Training 

Pitt IT Security can provide your School or Department with Security training on specific topics that are important or relevant to your operations.  To request specific Security training, please complete the Security Training Request form.  Once completed, a member of the Pitt IT Security team will contact you to discuss your request and determine the best training options for you.   

Detail

Course Offerings

Courses are made up of one or more training modules that cover the required topics. Once logged in to the training portal, you will see the training modules assigned to you. The descriptions below describe the content of each course, including the modules that must be completed to receive credit.

The training portal is split between multiple tabs, which can be viewed by clicking the links in the upper left next to the Pitt IT logo. The available tabs are Dashboard, Training, Library, and Badges.
 
Dashboard

By default, when logging into the training portal you will be taken to your training Dashboard. This page provides you with an overview of your assigned training, current status, and upcoming due dates. You will also be shown your progress toward various badges, which are earned by completing certain training challenges.
 
Training

Training that has been assigned to you is listed under the Training tab. 
 
Library

Other training available to you is listed under the Library tab. Use the arrow buttons to browse through the list of available courses that have been Recommended by Your Organization, or to pick up where you left off under Continue Learning.
 
Badges

Badges that are available for you to earn, and more information about how to earn them, can be found under the Badges tab. Badges are personal goals to help you stay motivated and continue learning, and are purely optional.

Image showing the Dashboard, Training, Library, and Badges tabs

 

Security Awareness Foundations

This required training course covers a range of essential information security topics based on NIST 800-50 recommendations, including how to identify social engineering and phishing attacks, password strength, social media use, safe web browsing, and what to do when you suspect a data breach.

  • Number of modules: 1
  • Approximate duration: 25 minutes 
  • Training Modules: Security Awareness Foundations

 

Business and International Travel

Protecting University equipment and data can be difficult while traveling. This interactive training course aims to help prepare you to face these challenges and covers topics such as what to do before leaving the office, protecting your data while in public locations, and what to do when you return.

  • Number of modules: 1
  • Approximate duration: 10 minutes
  • Training Modules:  Safe Travels for Road Warriors

 

Disinformation

Disinformation is the intentional creation and dissemination of false or misleading information. It has far-reaching consequences, and distinguishing real from made-up information, especially online, is getting more and more difficult. This course explores disinformation, how to identify it, and how to protect yourself and the University from it.

  • Number of modules: 1
  • Approximate duration: 10 minutes 
  • Training Modules: Spot and Stop the Spread of Disinformation

 

FERPA

The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student and education records and applies to all schools that receive U.S. Department of Education funding. This interactive training course will help you identify information protected by FERPA and how to maintain the privacy of this information.

  • Number of Modules: 1
  • Approximate Duration: 9 minutes
  • Training Modules: FERPA (Education)

 

GDPR

The General Data Protection Regulation (GDPR) is a data security and privacy law enacted by the European Union (EU) and protects data collected in relation to EU citizens. The goal of this interactive training course is to familiarize you with GDPR and how it may impact your job function.

  • Number of Modules: 1
  • Approximate Duration: 15 minutes
  • Training Modules: An Introduction to the General Data Protection Regulation (GDPR)

 

GLBA

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to disclose their information sharing practices and protect sensitive customer data. This interactive training course aims to help you identify nonpublic personal information (NPI) and understand the requirements set by the GLBA regulation.

  • Number of Modules: 1
  • Approximate Duration: 15 minutes
  • Training Modules: GLBA: Information Security Awareness Training

 

HIPAA Covered Components

University personnel within divisions and business units that are considered to be Covered Components under the Health Insurance Portability and Accountability Act (HIPAA) are required to complete this course as part of the University’s HIPAA Compliance Program. Please contact the Office of Compliance, Investigations, and Ethics with questions by visiting https://www.compliance.pitt.edu.

  • Number of modules: 2
  • Approximate duration: 24 minutes
  • Training Modules: HIPAA Compliance Module for End Users, FERPA (Education)

 

Insider Threats

The U.S. Department of Homeland Security advises that “insider threats, to include sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices. Threats can also result from employee carelessness or policy violations that allow system access to malicious outsiders. These activities typically persist over time, and occur in all types of work environments, ranging from private companies to government agencies.” This interactive training module will help you understand and identify the different types of insider threats facing the University, and offers tips for how you can avoid becoming one yourself.

  • Number of Modules: 1
  • Approximate Duration: 10 minutes
  • Training Modules: Insider Threats for End Users

 

IT Staff

Being a member of IT comes with additional responsibilities and risks, primarily due to having trusted and privileged access to University resources that non-IT staff members do not. This series aims to help make you aware of the heightened risks associated with IT job roles and provide you with the knowledge to ensure that University assets and data remain protected. All modules must be completed to receive credit for completing this course.

  • Number of Modules: 2
  • Approximate Duration: 25 minutes
  • Training Modules: Call Center & Help Desk Awareness, Privileged User Security Series: Privileged Access
  • Also Recommended: Phishing Foundations, Remote Work: Cyber and Physical Security, Remote Work: Keeping It Private, Remote Work: Setting Everything Up

 

PCI DSS

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent theft and fraud through improved credit card data security practices. This training course covers information essential for achieving and maintaining compliance with PCI DSS.

  • Number of Modules: 1
  • Approximate Duration: 25 minutes 
  • Training Modules: PCI Simplified

 

Phishing Foundations

According to the FBI’s 2020 Internet Crime Report, phishing was the most common type of cyber-attack, resulting in over $54 million in losses. Unlike other types of cyber threats, phishing attacks often target the most vulnerable point in any organization’s cybersecurity infrastructure: its people. Phishing emails appear legitimate and often bypass filters and antivirus software meant to protect you and the University. Therefore, recognizing and reporting phishing attempts is vital for helping Pitt IT combat these attacks. This interactive training course explains how a phishing attack works, how to recognize one, and what to do if this scam targets you.

  • Number of modules: 1
  • Approximate duration: 15 minutes
  • Training Modules: Phishing Foundations

 

PHI Workforce

University personnel not part of a HIPAA Covered Component but who may encounter Protected Health Information (PHI) as part of their regularly assigned duties are required to complete this course as part of the University’s HIPAA Compliance Program. Please contact the Office of Compliance, Investigations, and Ethics with questions by visiting https://www.compliance.pitt.edu.

  • Number of Modules: 3
  • Approximate Duration: 21 minutes
  • Training Modules: FERPA (Education), Handling Sensitive Information Securely, Part 1, Handling Sensitive Information Securely, Part 2

 

PII and Identity Theft Prevention

NOTE: Completion of this course also meets the training requirements for the Federal Information Security Management Act (FISMA) and FAR 52.224-3.

According to the FBI’s annual Internet Crime Report, identity theft was one of the top five crimes reported in 2021 with over 51,600 cases. Protecting Personally Identifiable Information (PII) is critical to preventing identity theft and ensuring the integrity of your identity. This series of modules helps build upon your foundational information security knowledge and skills to help you safeguard the PII entrusted to the University by its community. All modules must be completed to receive credit for completing this course.

  • Number of Modules: 3
  • Approximate Duration: 45 minutes
  • Training Modules: 2022 Your Role: Internet Security and You, Identity Theft and Data Breaches, PII and You

 

Ransomware

According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), the FBI’s Internet Crime Complaint Center (IC3) received over 2,000 reported incidents of ransomware attacks between January and July of 2021 alone, with estimated losses of $16.8 million. Ransomware attempts to hold your files and data hostage and demands money for its release, and it is an increasingly dangerous and popular tactic among cyber criminals. This course will introduce you to ransomware, how it works, and how to identify potential attacks.

  • Number of Modules: 1
  • Approximate Duration: 5 minutes
  • Training Modules: Micro-module – Introduction to Ransomware

 

Remote Work 

Working remotely introduces information security concerns you may not always think about while in the office or classroom. This series covers several topics to reduce risk while working from home or from an alternate work location, including securing your workspace and maintaining privacy. All modules must be completed to receive credit for completing this course.

  • Number of modules: 3
  • Approximate duration: 45 minutes
  • Training Modules: Remote Work: Cyber and Physical Security, Remote Work: Keeping It Private, Remote Work: Setting Everything Up

 

Details

Article ID: 542
Created: Mon 11/27/23 3:11 PM
Modified: Fri 4/19/24 7:22 AM