Security Training

Education on best practices for IT security development and compliance.

Education for the Columbia community on best practices for computer and web security, development, and compliance

CUIT's Office of the Chief Information Security Officer offers general security education and structured training for the Columbia University community on internet safety, social engineering, and IT Security best practices.

Online Security Awareness Training 

  • Columbia University’s Security Awareness platform is powered by Arctic Wolf.  This platform provides the following through emailed links:
    • The introductory (Quick Start) module, a 5-minute module that will introduce you to the Managed Awareness program and describe some of the topics covered by the program
    • Weekly 2- to 3-minute modules that cover security topics such as Phishing Email attacks and Social Engineering, and some tips on how to avoid becoming a victim of those threats
    • Phishing Simulations, conducted randomly every month to help our community identify and report suspicious emails to Columbia University’s CyberSecurity team
  • Communications from Arctic Wolf will be sent from the address “[email protected]

Additional online training opportunities available to Columbia University Staff, Faculty, and Students can be found on Columbia University’s Human Resources website. These resources are:

  • Enterprise Learning Management system (ELM) which is available to Staff and Faculty.
    ELM courses span a range of topics:
    • PCI Basics: Payment Card Industry (PCI) Data Security Standards were established by major credit card companies to help organizations that process credit cards prevent fraud and breaches of cardholder information.
      • Learn about PCI’s 12 requirements that constitute compliance by organizations when handling credit card transactions
    • FERPA: Family Education Rights and Privacy Act (“FERPA”), created in 1974, defines the protection of student education records.
      • Learn what is and is not considered part of the education record
      • Directory and non-directory information
      • Situations in which stated information may or may not be disclosed
      • Learn about a student’s rights regarding their education record and the parent’s rights regarding the education record of their child
      • Gain an understanding of what the University may disclose without a student’s consent
      • Guidelines for student written consent of disclosure
    • HIPAA Privacy (mandatory for CUIMC staff): HIPAA applies to the employees, faculty, and students within the covered entity of the University. This training module will define Electronic Protected Health Information and the Federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). 
      • The training addresses private health information (PHI) and its impact on healthcare providers, as well as understanding the 18 identifiers, time factors, and formats in which private health information can be communicated. 
      • Will help you gain a better comprehension of how the HIPAA Security rule addresses the confidentiality, integrity, and availability of protected health information in an electronic form.
      • Learn why Columbia is designated as a Hybrid Entity, and how that changes privacy rule requirements.
      • Learn why Columbia Medical Centers, New York Presbyterian Hospital, and Weill Cornell Medical Center form an Organized Health Care Arrangement (OHCA), allowing them to share PHI for patients they have in common.     
    • Identity Theft Prevention
      • Training to help familiarize employees with what Identity Theft is, how to identify possible instances of Identity Theft, how to prevent Identity Theft at Columbia.

 

  • LinkedIn Learning
    • LinkedIn Learning provides modules for technical skill development and is made available to CU and CUIMC Staff, Faculty, and Students.