Security | Page 2 | Information Technology | University of Pittsburgh
!

You are here

Security

You're Protected with Duo Multifactor Authentication

Multifactor authentication, provided by Duo Security, adds another layer of security to your online accounts when using Pitt Passport. Two “factors” are required to verify your identity when you log in to a service. You'll need something you know (your password) and something only you have (such as your mobile phone, on which you will receive a login confirmation notice).

Learn More about Duo

Guide to Identifying Personally Identifiable Information (PII)

This guide provides University buyers guidance on how to identify personally identifiable information (PII) when negotiating service agreements or issuing purchase orders for work to be performed by outside vendors. If the vendor will handle, process or have the ability to access PII, then buyers must take the following steps:

Data Risk Classification and Compliance

Data Risk Classification

The University of Pittsburgh takes seriously its commitment to protecting the privacy of its students, alumni, faculty, and staff and protecting the confidentiality, integrity, and availability of information essential to the University's academic and research mission. For that reason, we classify our information assets into risk categories to determine who may access the information and what minimum security precautions must be taken to protect it against unauthorized access.

Request Access to the Student Data Mart

Overview

Requests for access to the University of Pittsburgh’s Student Mart can be submitted using an online form. The designated Security Contact for your area may submit a request for access on your behalf. If they do, you will receive an email message asking you to review and approve, by signing, the request. Complete the following steps to review and sign the request.

Note: These instructions apply to all requests for access to the Student Mart, including requests for restricted access.

Pitt students at Pitt Hackathon

EMAIL AND ACCOUNT SECURITY

Keep Your Accounts, Yours

The Account Administration service enables the University to manage its account services in an effort to securely verify and protect its identity with tools, such as Multifactor Authentication and Federated Authorization Process (Student Mart Access).

Those who utilize our Pitt Email (Outlook) service are also provided with access to select services to securely manage email communications with Advanced Threat Protection and Enterprise Spam and Virus Filter Service with Exchange Online Protection (EOP).

IT GOVERNANCE

Practice Good Governance with Our Guidance

Pitt IT regularly updates its security knowledge base with the latest governance standards, while also ensuring the University’s safety against external attacks and internal accidents with industry-leading security methods and best-practices. Request guidance or support from Pitt IT or learn more with the resources below.

IT Governance and Regulatory Compliance

Maintain compliance with applicable laws and regulations for restricted data (e.g., DFARS/CMMC, FERPA, GDPR/PIPL, GLBA, HIPAA, NIST 800-171, PCI)

Data Classification & Compliance

Protect the privacy of students, alumni, faculty, and staff through precautions and data classifications measures that guard against unauthorized access.

Governance & Policy Security Guides

Maintain safety practices around policies and standards with our easy-to-follow guides — developed and maintained for accuracy by Pitt IT Security and organized below.

pitt individuals working on computers

IT POLICIES AND PROCEDURES

Master University Guidelines

Pitt IT has partnered with University communities to establish security policies that help protect computers and information from security threats — such as viruses, Trojan horses, hackers, and other forms of cybercrime.

Review these policies to help your department protect its data, while also adhering to state and federal regulations regarding technology.

View IT Policies & Information

IT SECURITY AUDIT SUPPORT

Manage Security Audits with Our Help

Pitt IT Security is available to assist departments and schools in all IT security audit needs — including regulatory requests. Contact us for expert guidance in managing and executing audit processes through risk identification, evaluation, and mitigation.

IT Audit Guidance

Request risk-based security audits from Pitt IT Security to determine if your University data is adequately protected. Assistance is also offered in cases where departments are requested to perform and report internal IT audits.

IT Risk Management

Improve your departmental risk identification, evaluation, and mitigation capabilities by working with Pitt IT Security to identify risks, assess any potential impacts, and lessen risks by implimenting mitigation controls.

IT Contract & Agreement Review Service

Review contracts and agreements with our guidance to determine if your department and the University can meet contractually obligated data-security requirements.

THREAT AND INCIDENT MANAGEMENT

Identify Risks Before They Become Threats

Pitt IT Security can help you identify potential threats before they become issues for your department. Are you concerned that your data has already been compromised? Pitt IT Security will help you assess the situation, manage the incident, and respond to University stakeholders and legal partners.

IT SECURITY ARCHITECTURE AND ENGINEERING

Build a Security Strategy that Fits Your Needs

Security architecture can help you design and document key elements of your overall security program, which ensures that your department and users can understand and utilize methods for creating safe, collaborative digital environments. Pitt IT Security will work closely with you to create a well-defined strategy that fits your needs and uses industry-leading best practices to enable your department’s security and success.

Strategy and Design

Plan and create your IT environment with security as a top priority.

Security Tooling

Implement the proper tools and security measures for your needs.

Solution Engineering

Design and develop secure solutions that fit your unique work processes and data needs.