Information Security Training | Information Technology | University of Pittsburgh

You are here

Information Security Training

Pitt Information Technology has a robust array of centralized security measures and controls to protect the University’s network infrastructure and data, but we need your help! Everyone affiliated with Pitt has a shared responsibility to protect the University’s computing environment. Pitt IT wants to provide you with the knowledge and tools needed to protect yourself and the University from cyber threats.

Pitt IT is now offering an exciting portfolio of security awareness resources to all faculty, staff, and student workers to help introduce you to information security best practices and keep your cyber skills sharp. These online training courses are available from the highly regarded KnowBe4 Security Awareness Training library. 

Security awareness training will help you better understand the cyber threats facing the University community and prepare you to identify those threats and protect yourself, your colleagues, and the University of Pittsburgh from cyber-attacks

Access Pitt IT Information Security Training >

Course Offerings

Courses are made up of one or more training modules that cover the required topics. Once logged in to the training portal, you will see the training modules assigned to you. The descriptions below describe the content of each course, including the modules that must be completed to receive credit.

The portal is split between two tabs in the upper left, next to the Pitt IT logo. Required training modules that must be completed within a specific timeframe, such as Security Awareness Foundations, are listed under the Training tab. Optional or Supplemental training modules, such as Phishing, Travel, or Remote Work, can be found under the Library tab:

Image showing location of Training and Library tabs

Security Awareness Foundations

This required training course covers a range of essential information security topics based on NIST 800-50 recommendations, including how to identify social engineering and phishing attacks, password strength, social media use, safe web browsing, and what to do when you suspect a data breach.

  • Number of modules: 1

  • Approximate duration: 25 minutes 

  • Training Modules: Security Awareness Foundations

Business and International Travel

Protecting University equipment and data can be difficult while traveling. This interactive training course aims to help prepare you to face these challenges and covers topics such as what to do before leaving the office, protecting your data while in public locations, and what to do when you return.

  • Number of modules: 1

  • Approximate duration: 10 minutes

  • Training Modules:  Safe Travels for Road Warriors


The Family Educational Rights and Privacy Act (FERPA) is a federal law that protects the privacy of student and education records and applies to all schools that receive U.S. Department of Education funding. This interactive training course will help you identify information protected by FERPA and how to maintain the privacy of this information.

  • Number of Modules: 1

  • Approximate Duration: 9 minutes

  • Training Modules: FERPA (Education)


The Federal Information Security Management Act (FISMA) refers to U.S. legislation that defines a comprehensive framework for protecting U.S. federal government information, operations, and assets. This series of modules helps to build upon your foundational information security knowledge and skills to help the University safeguard federal government data regulated by FISMA. All modules must be completed to receive credit for completing this course.

  • Number of Modules: 3

  • Approximate Duration: 45 minutes

  • Training Modules: 2022 Your Role: Internet Security and You, Identity Theft and Data Breaches, PII and You

  • Also Recommended: Phishing Foundations


The General Data Protection Regulation (GDPR) is a data security and privacy law enacted by the European Union (EU) and protects data collected in relation to EU citizens. The goal of this interactive training course is to familiarize yourself with GDPR and how it may impact your job function.

  • Number of Modules: 1

  • Approximate Duration: 15 minutes

  • Training Modules: An Introduction to the General Data Protection Regulation (GDPR)


The Gramm-Leach Bliley Act (GLBA) requires financial institutions to disclose their information sharing practices and protect sensitive customer data. This interactive training course aims to help you identify nonpublic personal information (NPI) and understand the requirements set by the GLBA regulation.

  • Number of Modules: 1

  • Approximate Duration: 15 minutes

  • Training Modules: GLBA: Information Security Awareness Training

Insider Threats

The U.S. Department of Homeland Security advises that “insider threats, to include sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices. Threats can also result from employee carelessness or policy violations that allow system access to malicious outsiders. These activities typically persist over time, and occur in all types of work environments, ranging from private companies to government agencies.” This interactive training module will help you to understand and identify the different types of insider threats facing the University, and tips for how you can avoid becoming one yourself.

  • Number of Modules: 1

  • Approximate Duration: 10 minutes

  • Training Modules: Insider Threats for End Users

IT Staff

Being a member of IT comes with additional responsibilities and risks, primarily due to having trusted and privileged access to University resources that non-IT staff members do not. This series aims to help make you aware of the heightened risks associated with IT job roles and provide you with the knowledge to ensure that University assets and data remain protected. All modules must be completed to receive credit for completing this course.

  • Number of Modules: 2

  • Approximate Duration: 25 minutes

  • Training Modules: Call Center & Help Desk Awareness, Privileged User Security Series: Privileged Access

  • Also Recommended: Phishing Foundations, Remote Work: Cyber and Physical Security, Remote Work: Keeping It Private, Remote Work: Setting Everything Up


The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent theft and fraud through improved credit card data security practices.  This training course covers information essential for becoming and maintaining compliance with PCI DSS.

  • Number of Modules: 1

  • Approximate Duration: 25 minutes 

  • Training Modules: PCI Simplified

Phishing Foundations

According to the FBI’s 2020 Internet Crime Report, phishing was the most common type of cyber-attack, resulting in over $54 million in losses. Unlike other types of cyber threats, phishing attacks often target the most vulnerable point in any organization’s cybersecurity infrastructure, its people. Phishing emails appear legitimate and often bypass filters and antivirus software meant to protect you and the University. Therefore, recognizing and reporting phishing attempts is vital for helping Pitt IT combat these attacks. This interactive training course explains how a phishing attack works, how to recognize one, and what to do if this scam targets you. 

  • Number of modules: 1

  • Approximate duration: 15 minutes

  • Training Modules: Phishing Foundations


According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), the FBI’s Internet Crime Complaint Center (IC3) received over 2,000 reported incidents of ransomware attacks between January and July of 2021 alone, with estimated losses of $16.8 million. Ransomware attempts to hold your files and data hostage and demands money for its release, and it is an increasingly dangerous and popular tactic among cyber criminals. This course will introduce you to ransomware, how it works, and how to identify potential attacks.

  • Number of Modules: 1

  • Approximate Duration: 5 minutes

  • Training Modules: Micro-module – Introduction to Ransomware

Remote Work 

Working remotely introduces information security concerns you may not always think about while in the office or classroom. This series covers several topics to reduce risk while working from home or from an alternate work location, including securing your workspace and maintaining privacy. All modules must be completed to receive credit for completing this course.

  • Number of modules: 3

  • Approximate duration: 45 minutes

  • Training Modules: Remote Work: Cyber and Physical Security, Remote Work: Keeping It Private, Remote Work: Setting Everything Up