Understanding Information Security Training


Pitt Information Technology has a robust array of centralized security measures and controls to protect the University’s network infrastructure and data, but we need your help! Everyone affiliated with Pitt has a shared responsibility to protect the University’s computing environment. Pitt IT wants to provide you with the knowledge and tools needed to protect yourself and the University from cyber threats.

Pitt IT is now offering a portfolio of security awareness resources to students, faculty, and staff to help introduce you to information security best practices and keep your cyber skills sharp. These online training courses are available from the highly regarded KnowBe4 Security Awareness Training library.

Security awareness training will help you better understand the cyber threats facing the University community and prepare you to identify those threats and protect yourself, your colleagues, and the University of Pittsburgh from cyberattacks


Request Training 

Pitt IT Security can provide your School or Department with Security training on specific topics that are important or relevant to your operations.  To request specific Security training, please complete the Security Training Request form.  Once completed, a member of the Pitt IT Security team will contact you to discuss your request and determine the best training options for you.   


Course Offerings

Courses are made up of one or more training modules that cover the required topics. Once logged in to the training portal, you will see the training modules assigned to you. The descriptions below describe the content of each course, including the modules that must be completed to receive credit.

The training portal is split between multiple tabs, which can be viewed by clicking the links in the upper left next to the Pitt IT logo. The available tabs are DashboardTrainingLibrary, and Badges.

By default, when logging into the training portal you will be taken to your training Dashboard. This page provides you with an overview of your assigned training, current status, and upcoming due dates. You will also be shown your progress toward various badges, which are earned by completing certain training challenges.

Training that has been assigned to you is listed under the Training tab. 

Other training available to you is listed under the Library tab. Use the arrow buttons to browse through the list of available courses that have been Recommended by Your Organization, or to pick up where you left off under Continue Learning.

Badges that are available for your to earn, and more information about how to earn them, can be found under the Badges tab. Badges are personal goals to help you stay motivated and continue learning, and are purely optional.

Image showing the Dashboard, Training, Library, and Badges tabs


Security Awareness Foundations

This required training course covers a range of essential information security topics based on NIST 800-50 recommendations, including how to identify social engineering and phishing attacks, password strength, social media use, safe web browsing, and what to do when you suspect a data breach.

  • Number of modules: 1
  • Approximate duration: 25 minutes 
  • Training Modules: Security Awareness Foundations


Business and International Travel

Protecting University equipment and data can be difficult while traveling. This interactive training course aims to help prepare you to face these challenges and covers topics such as what to do before leaving the office, protecting your data while in public locations, and what to do when you return.

  • Number of modules: 1
  • Approximate duration: 10 minutes
  • Training Modules:  Safe Travels for Road Warriors



The General Data Protection Regulation (GDPR) is a data security and privacy law enacted by the European Union (EU) and protects data collected in relation to EU citizens. The goal of this interactive training course is to familiarize yourself with GDPR and how it may impact your job function.

  • Number of Modules: 1
  • Approximate Duration: 15 minutes
  • Training Modules: An Introduction to the General Data Protection Regulation (GDPR)


HIPAA Covered Components

University personnel within divisions and business units that are considered to be Covered Components under the Health Insurance Portability and Accountability Act (HIPAA) are required to complete this course as part of the University’s HIPAA Compliance Program. Please contact the Office of Compliance, Investigations, and Ethics with questions by visiting https://www.compliance.pitt.edu.

  • Number of modules: 2
  • Approximate duration: 24 minutes
  • Training Modules: HIPAA Compliance Module for End Users, FERPA (Education)


Insider Threats

The U.S. Department of Homeland Security advises that “insider threats, to include sabotage, theft, espionage, fraud, and competitive advantage are often carried out through abusing access rights, theft of materials, and mishandling physical devices. Threats can also result from employee carelessness or policy violations that allow system access to malicious outsiders. These activities typically persist over time, and occur in all types of work environments, ranging from private companies to government agencies.” This interactive training module will help you to understand and identify the different types of insider threats facing the University, and tips for how you can avoid becoming one yourself.

  • Number of Modules: 1
  • Approximate Duration: 10 minutes
  • Training Modules: Insider Threats for End Users


IT Staff

Being a member of IT comes with additional responsibilities and risks, primarily due to having trusted and privileged access to University resources that non-IT staff members do not. This series aims to help make you aware of the heightened risks associated with IT job roles and provide you with the knowledge to ensure that University assets and data remain protected. All modules must be completed to receive credit for completing this course.

  • Number of Modules: 2
  • Approximate Duration: 25 minutes
  • Training Modules: Call Center & Help Desk Awareness, Privileged User Security Series: Privileged Access
  • Also Recommended: Phishing Foundations, Remote Work: Cyber and Physical Security, Remote Work: Keeping It Private, Remote Work: Setting Everything Up



The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent theft and fraud through improved credit card data security practices.  This training course covers information essential for becoming and maintaining compliance with PCI DSS.

  • Number of Modules: 1
  • Approximate Duration: 25 minutes 
  • Training Modules: PCI Simplified


Phishing Foundations

According to the FBI’s 2020 Internet Crime Report, phishing was the most common type of cyber-attack, resulting in over $54 million in losses. Unlike other types of cyber threats, phishing attacks often target the most vulnerable point in any organization’s cybersecurity infrastructure, its people. Phishing emails appear legitimate and often bypass filters and antivirus software meant to protect you and the University. Therefore, recognizing and reporting phishing attempts is vital for helping Pitt IT combat these attacks. This interactive training course explains how a phishing attack works, how to recognize one, and what to do if this scam targets you. 

  • Number of modules: 1
  • Approximate duration: 15 minutes
  • Training Modules: Phishing Foundations


PHI Workforce

University personnel not part of a HIPAA Covered Component but who may encounter Protected Health Information (PHI) as part of their regularly assigned duties are required to complete this course as part of the University’s HIPAA Compliance Program. Please contact the Office of Compliance, Investigations, and Ethics with questions by visiting https://www.compliance.pitt.edu.

  • Number of Modules: 3
  • Approximate Duration: 21 minutes
  • Training Modules: FERPA (Education), Handling Sensitive Information Securely, Part 1, Handling Sensitive Information Securely, Part 2


PII and Identity Theft Prevention

NOTE: Completion of this course also meets the training requirements for the Federal Information Security Management Act (FISMA) and FAR 52.224-3

According to the FBI’s annual Internet Crime Report, identity theft was one of the top five crimes reported in 2021 with over 51,600 cases. Protecting Personally Identifiable Information (PII) is critical to preventing identity theft and ensuring the integrity of your identity. This series of modules helps build upon your foundational information security knowledge and skills to help you safeguard the PII entrusted to the University by its community. All modules must be completed to receive credit for completing this course.

  • Number of Modules: 3
  • Approximate Duration: 45 minutes
  • Training Modules: 2022 Your Role: Internet Security and You, Identity Theft and Data Breaches, PII and You



According to the U.S. Cybersecurity & Infrastructure Security Agency (CISA), the FBI’s Internet Crime Complaint Center (IC3) received over 2,000 reported incidents of ransomware attacks between January and July of 2021 alone, with estimated losses of $16.8 million. Ransomware attempts to hold your files and data hostage and demands money for its release, and it is an increasingly dangerous and popular tactic among cyber criminals. This course will introduce you to ransomware, how it works, and how to identify potential attacks.

  • Number of Modules: 1
  • Approximate Duration: 5 minutes
  • Training Modules: Micro-module – Introduction to Ransomware


Remote Work 

Working remotely introduces information security concerns you may not always think about while in the office or classroom. This series covers several topics to reduce risk while working from home or from an alternate work location, including securing your workspace and maintaining privacy. All modules must be completed to receive credit for completing this course.

  • Number of modules: 3
  • Approximate duration: 45 minutes
  • Training Modules: Remote Work: Cyber and Physical Security, Remote Work: Keeping It Private, Remote Work: Setting Everything Up


Print Article


Article ID: 542
Mon 11/27/23 3:11 PM
Fri 5/31/24 1:32 PM

Related Services / Offerings (1)

SECURITY CONSULTING AND EDUCATION KnowBe4 provides security awareness resources to train, promote and reinforce information security best practices.