Security | Information Technology | University of Pittsburgh
!

Security

Overview

As a student, faculty, or staff member, you have access to a wealth of security services and tools that will help you protect your computer, safeguard personal information, and secure sensitive University data. Computing Services and Systems Development proactively monitor the University's network to identify potential security threats and quickly respond to security issues. We offer a large variety of services, information, and tools to educate to the University community about information security, account and system protection, report an incident, or request a digital certification. We are responsible for helping ensure the University's computing environment is protected from cyber threats such as viruses, Trojan horses, hackers, and other security threats. To meet this goal, we have helped the University establish security policies that provide guidance on protecting computers as well as sensitive information from security threats. In addition, we assist University administration with adhering to state and federal regulations regarding technology. Please refer to our IT Policies page for more information.

Security Incident Response

The National Institute of Standards and Technology’s Cybersecurity Framework is used to more effectively classify risk and set strategic security priorities at the University of Pittsburgh. To help protect the University, we utilize a robust and layered array of centralized security measures. These measures include application monitoring, enterprise network firewalls, network monitoring, proactive auditing, VPN solutions, security reviews of third-party vendors, advanced detection and prevention tools, and more.

Incident response services are offered to help the University mitigate damage or losses that can be caused by security threats. We are responsible for authorizing administrative access to Student Record Systems, including the Student Information System (PeopleSoft).

Email and Account Security

Security Vulnerability Assessment

As the complexity of the technology environment grows and related security threats increase, there is a need for every University unit to use available tools and services to protect University information and resources. While many security controls in place for the University are administered centrally, it requires the support of the deans, directors, and department chairs throughout the University to ensure that each area is implementing the unit-level security controls.

  • Centralized security measures and tools are provided to help students, faculty, and staff protect computer workstations, portable devices, and servers, including antivirus software, encryption tools, and security assessment tools. Many of these tools are available to faculty and staff on the Secure Your Data community at My Pitt (my.pitt.edu). By following the provided steps in the Secure Your Data community, university units will have the necessary security controls in place to protect their computing resources and sensitive information. Recommended actions are as follows:
    • Faculty and staff within the unit should install and use the security tools and services available through the links in the Faculty & Staff section. These tools will protect against viruses and spyware, keep security patches up to date, and assist with the recovery of lost or stolen laptops. Unauthorized sensitive information contained on computers or portable devices should be discovered and removed using these tools, and authorized sensitive information should be encrypted. Recommended schedules for running and updating these tools are included in this section.
    • Departmental IT staff should install and use the security tools and services available through the IT Staff link to implement proper security on all departmental servers.
    • Faculty and staff should be aware of the University security policies and standards, which include proper use of social security numbers. Copies are located on the Faculty & Staff and IT Staff sections of the community.
  • Protecting sensitive University information and computing resources against the latest security threats is a daunting challenge. The University’s centralized security controls offer a strong first line of defense. These controls have been implemented across the University for email, websites, and firewalls. While these services are a critical element of information security, each individual faculty and staff member also has a responsibility to take personal action. In addition, information technology (IT) professionals must take further steps to protect departmental resources. Deans, directors and department chairs are ultimately responsible for ensuring compliance within their units.

Security Awareness and Training