Security Awareness Training

Columbia University values the importance of openly communicating and sharing information, while promoting the safety and security of all students, faculty and staff. To protect sensitive data and computer systems while strengthening security awareness, the University has launched Security Awareness Training.
For a complete list and description of each training module, please see below.
To access the Security Awareness training modules, go to:
We value your feedback/suggestions. Please send your comments to: 


Security Training Modules:

Introduction to Security Awareness Training

This training includes:

  • Why is the training important?
  • What is information security?
  • Why is security important?
  • What is sensitive and confidential information?
  • Columbia IT policies
  • Security tips and reminders

Security Essentials

Security breaches are caused by the loss or theft of computers and devices, accidental sharing of information and social engineering. It is important that we understand the full impact of a breach to the University (e.g., fines and lawsuits, public embarrassment, loss of valuable assets).This training will help:

  • Define information security breaches, provide examples, explain their root cause and walk you through the steps to prevent them.
  • Explain how to safely use computing devices, create strong passwords and protect information when traveling or working remotely.

Social Engineering

Social Engineering focuses on the less technical but very sophisticated attacks from a variety of methods, including:

  • How callers extract information via telephone calls made with a fake identity.  
  • Email ‘phishing’ attacks, where a person is asked to take action or follow a link designed to extract sensitive information. 
  • Internet attacks that are used to harvest sensitive information about employees or customers through activities on search engines, social media sites, message boards or forums.
  • Fraudulent web pages may be designed to gather sensitive information like log-in credentials and get you to complete them. 
  • Personal attacks, where social engineers conduct visits to buildings or offices using a fake identity to gather information, eavesdrop, access conference calls or log into an unsecured computer. 

Protecting Sensitive Information

Major information loss is reported almost daily and most, but not all, are from simple human error. Learn your role in understanding the following:

  • What information needs to be protected
  • What are the consequences of exposing information
  • Learn the many ways that information can be lost or stolen
  • Your role in protecting sensitive information


Family Education Rights and Privacy Act (“FERPA”), created in 1974, defines the protection of student education records.

  • Learn what is or is not considered part of the education record
  • Directory and non-directory information
  • Situations in which stated information may or may not be disclosed
  • Learn about a student’s rights regarding their education record and the parent’s rights regarding the education record of his or her child
  • Gain an understanding of what the University may disclose without a student’s consent
  • Guidelines for student written consent of disclosure

PCI Basics

Payment Card Industry (PCI) Data Security Standards were established by major credit card companies to help organizations that process credit cards prevent credit card fraud and breaches of cardholder information.

  • Learn about PCI’s 12 requirements that constitutes compliance by organizations when handling credit card transactions

HIPAA Privacy

HIPAA applies to the employees, faculty and students within the covered entity of the University. This training module will define Electronic Protected Health Information and the Federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). 

  • Training addresses private health information (PHI) and its impact on health care providers, as well as understanding of the 18 identifiers, time factors and formats in which private health information can be communicated. 
  • Will help you gain a better comprehension of how the HIPAA Security rule addresses the confidentiality, integrity and availability of protected health information in an electronic form.
  • Learn why Columbia is designated as a Hybrid Entity, and how that changes privacy rule requirements.
  • Learn why Columbia Medical Centers, New York Presbyterian Hospital and Weill Cornell Medical Center form an Organized Health Care Arrangement (OHCA), allowing them to share PHI with one another that have common patients.