Security Training

Education on best practices for IT security development and compliance

CUIT's Office of the Chief Information Security Officer offers general security education and structured training for the Columbia University community on internet safety, social engineering and IT Security best practices for web development, compliance and education.

Online Security Awareness Training 

  • Free, optional individual training for all users with a Columbia UNI, available on securitytraining.columbia.edu
  • Quiz at the end of each module to test your comprehension of the information
  • Printable certificate of completion for each module successfully completed
  • Multiple modules spanning a range of topics:
    • PCI Basics: Payment Card Industry (PCI) Data Security Standards were established by major credit card companies to help organizations that process credit cards prevent credit card fraud and breaches of cardholder information.
      • Learn about PCI’s 12 requirements that constitute compliance by organizations when handling credit card transactions
    • Security Essentials: Security breaches are caused by the loss or theft of computers and devices, accidental sharing of information and social engineering. It is important that we understand the full impact of a breach to the University (e.g., fines and lawsuits, public embarrassment, loss of valuable assets). This training will help:
      • Define information security breaches, provide examples, explain their root cause and walk you through the steps to prevent them.
      • Explain how to safely use computing devices, create strong passwords and protect information when traveling or working remotely.
    • Social Engineering: Focuses on the less technical but very sophisticated attacks from a variety of methods, including:
      • How callers extract information via telephone calls made with a fake identity.  
      • Email ‘phishing’ attacks, where a person is asked to take action or follow a link designed to extract sensitive information. 
      • Internet attacks that are used to harvest sensitive information about employees or customers through activities on search engines, social media sites, message boards or forums.
      • Fraudulent web pages designed to gather sensitive information, like log-in credentials, by getting you to complete them.
      • Personal attacks, where social engineers conduct visits to buildings or offices using a fake identity to gather information, eavesdrop, access conference calls or log into an unsecured computer. 
    • Protecting Sensitive Information: Major information loss is reported almost daily, and most, but not all, of these losses result from simple human error. Learn your role in understanding the following:
      • What information needs to be protected
      • What are the consequences of exposing information
      • Learn the many ways that information can be lost or stolen
      • Your role in protecting sensitive information
    • FERPA: Family Educational Rights and Privacy Act (“FERPA”), created in 1974, defines the protection of student education records.
      • Learn what is or is not considered part of the education record
      • Directory and non-directory information
      • Situations in which stated information may or may not be disclosed
      • Learn about a student’s rights regarding their education record and the parent’s rights regarding the education record of his or her child
      • Gain an understanding of what the University may disclose without a student’s consent
      • Guidelines for student written consent of disclosure
    • HIPAA Privacy (mandatory for CUMC staff): HIPAA applies to the employees, faculty and students within the covered entity of the University. This training module will define Electronic Protected Health Information and the Federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). 
      • Training addresses private health information (PHI) and its impact on health care providers, as well as understanding of the 18 identifiers, time factors and formats in which private health information can be communicated. 
      • Will help you gain a better comprehension of how the HIPAA Security rule addresses the confidentiality, integrity and availability of protected health information in an electronic form.
      • Learn why Columbia is designated as a Hybrid Entity, and how that changes privacy rule requirements.
      • Learn why Columbia Medical Centers, New York Presbyterian Hospital and Weill Cornell Medical Center form an Organized Health Care Arrangement (OHCA), allowing those that have common patients to share PHI with one another.
    • Identity Theft Prevention

Group Presentations

  • Educational sessions available to provide a better general understanding of IT Security
  • Past topics have included “What is PII? (Personally Identifiable Information)”, “How to recognize phishing email, social media traps and social engineering”, “Secure IT Best Practices for CU and at Home”

Structured Security Training Courses

  • Designed for IT web and application developers, IT systems administrators and IT database administrators who work with Columbia's central systems
  • Conducted by expert security professionals who supply best practices and information on proper coding to defend against the latest techniques hackers employ to find vulnerabilities in code, to compromise user IDs, and/or to launch attacks like cross-site scripting or denial of service
  • Limitations: Courses are scheduled over two days and contracted to security industry trainers, so advance registration is required and attendee limits may apply. Costs will vary depending on the number of attendees per session.