Security | Information Technology | University of Pittsburgh
!

Security

Overview

As a student, faculty, or staff member, you have access to a wealth of security services and tools that will help you protect your computer, safeguard personal information, and secure sensitive University data. Pitt Information Technology proactively monitors the University's network to identify potential security threats and quickly respond to security issues. We offer a large variety of services, information, and tools to educate to the University community about information security, account and system protection, report an incident, or request a digital certification. We are responsible for helping ensure the University's computing environment is protected from cyberthreats such as viruses, Trojan horses, hackers, and other security threats. To meet this goal, we have helped the University establish security policies that provide guidance on protecting computers as well as sensitive information from security threats. In addition, we assist University administration with adhering to state and federal regulations regarding technology. Please refer to our IT Policies page for more information.

Security Incident Response

The National Institute of Standards and Technology’s Cybersecurity Framework is used to more effectively classify risk and set strategic security priorities at the University of Pittsburgh. To help protect the University, we utilize a robust and layered array of centralized security measures. These measures include application monitoring, enterprise network firewalls, network monitoring, proactive auditing, VPN solutions, security reviews of third-party vendors, advanced detection and prevention tools, and more.

Incident response services are offered to help the University mitigate damage or losses that can be caused by security threats. We are responsible for authorizing administrative access to Student Record Systems, including the Student Information System (PeopleSoft).

Email and Account Security

Security Vulnerability Assessment

As the complexity of the technology environment grows and related security threats increase, there is a need for every University unit to use available tools and services to protect University information and resources. While many security controls in place for the University are administered centrally, it requires the support of the deans, directors, and department chairs throughout the University to ensure that each area is implementing the unit-level security controls.

  • Centralized security measures and tools are provided to help students, faculty, and staff protect computer workstations, portable devices, and servers, including antivirus software, encryption tools, and security assessment tools. Many of these tools are available to faculty and staff on the SecureU SharePoint site. By following the provided steps and taking advantage of the downloads in the SecureU site, university units will have the necessary security controls in place to protect their computing resources and sensitive information.
  • Protecting sensitive University information and computing resources against the latest security threats is a daunting challenge. The University’s centralized security controls offer a strong first line of defense. These controls have been implemented across the University for email, websites, and firewalls. While these services are a critical element of information security, each individual faculty and staff member also has a responsibility to take personal action. In addition, information technology (IT) professionals must take further steps to protect departmental resources. Deans, directors and department chairs are ultimately responsible for ensuring compliance within their units.

Security Awareness and Training