SECURITY CONSULTING AND EDUCATION

Categories (1)

Articles (10)

General Security Risk Assessments and Consultations

Security consultations help teams understand the risks of data management and how security controls should be implemented to adhere to compliance and risk requirements, and they assist in choosing the appropriate IT infrastructure for a project.

Learn About Enterprise Network Security Controls

Electronically stored academic, administrative, and research information is a critical University resource. All University units are required to use enterprise email, web services, and network firewalls. These Enterprise Security Controls help protect University data and significantly reduce security vulnerabilities. See the Enterprise Security Controls Policy for additional information about these requirements.

Learning About Vulnerability Management

Developed in response to compliance requirements, the Vulnerability Management program helps University units implement robust vulnerability management processes and procedures. It enables units to quickly identify and mitigate risks to University data and systems, and it ensures Pitt remains in compliance with applicable laws and regulations.

Requesting a Security Consultation

A security consultation is a discussion between your team and Pitt IT Security with the goal of helping your team understand the risks of processing, storing, and transmitting University data. During a consultation, Pitt IT Security will ask questions to develop a risk profile, such as:

Requesting a Vendor Security Risk Assessment

The questionnaire provides Pitt IT Information Security with the information to understand the product or services that the vendor will provide to the University. It also defines the assessment scope, identifies the University’s potential risk, and collects the vendor’s contact information.

Starting a System Security Plan Development

A system security plan is a formal document that provides an overview of a system's security requirements and describes the security controls in place (or planned) for meeting those requirements. System security plans are helpful because they are a documented guide for implementing adequate security controls based on compliance requirements, such as the HIPAA security rule or any risk associated with the data.

Understanding Information Security Architecture and Engineering

The primary function of security architecture is to design, document, and communicate the components of a security program in a consistent manner. As such, the primary outcome of security architecture is a well-defined strategy that connects business drivers with technical implementation guidance.

Understanding Payment Card Industry Data Security Standard (PCI DSS) Policies and Controls

Any University unit that collects credit card information must have security controls in place that comply with the Payment Card Industry Data Security Standard ("PCI").

Understanding the Gramm-Leach-Bliley Act

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions.

Understanding University Information Security Policies

The University's information security policies and procedures