Skip to content

Information Security Training

Last updated: October 20, 2025

In addition to the self-guided Security & Authentication  and Privacy  Topic Guides, UW-IT Information Security offers training to raise the UW community’s general awareness about information security topics and specialized content for those whose responsibilities include. Please visit the Information Security event calendar to register or contact help@uw.edu to schedule a training.

Request a Training

Most trainings are scheduled in response to customer requests. We’ll work with you to coordinate sessions that support the University’s needs and priorities.

To request a training, please complete our Training Request Form.

Note: Some trainings are available online in an asynchronous format, allowing you to complete them at your own pace.

General

General

This quick video introduces the basics of information security at UW. Learn what common threats to watch out for and cybersecurity best practices to protect University systems and data. Whether you’re new to UW or just need a refresher, this video helps you understand your role.

Audience

Students and UW personnel

Details

Format:  On-demand video.
Length: Approximately 20 minutes.

Researchers requiring proof of general information security and privacy training as part of their grant or regulatory requirements.

Audience

UW Researchers

Details

Format: Asynchronous online.
Length: Approximately 20 minutes.
Registration: By request.

Privacy Practices

privacy

Teaches University personnel how to proactively include privacy in the design of their project, service, or system, and how to react when things don’t go as planned. Includes information about:

  • Proactive Privacy by Design concepts that are based on research and adapted to align with UW Privacy Principles.
  • Reactive data subject request and incident management policies and practices at UW.
  • On-demand training for specific privacy practices and requirements.
  • Support services available through the Privacy Office.

Audience

UW Personnel who work with personal data.

Details

Format: Synchronous online.
Available: By request.
Length: 50 minutes.
Register: Event Calendar.

This training video describes the data processing agreement workflow, how to make use of self-help resources, and, if needed, ask for assistance from the UW Privacy Office.

Audience

  • UW personnel responsible for contracts for IT systems involving personal data.

Details

Format: On demand video (UWNetID required to view).
Length: Approximately 7 minutes.

Data inventory

data inventory

Provides a high-level overview of the value a data inventory will provide the University community and how TrustArc can help you with your responsibility for managing personal data. Includes guidance for developing a data inventory project plan.

Audience

  • Business process owner or the business process owner’s designee.
  • System owner or the system owner’s designee.
  • Third party contact or third party contact’s designee.

Details

Format: On demand video.
Length: 50 minute, 3-part video series.

This training describes how TrustArc functions as a privacy, data governance, and accountability framework. Includes an overview of how third party, system, and business process records document critical information to help UW units assess and manage privacy-related risks. Learn how to create business process records using a business process questionnaire or directly in TrustArc. Includes information about required fields.

Audience

  • UW personnel who will be:
    • Responding to business process questionnaires.
    • Creating data inventory records in TrustArc.

Details

Format: On demand video.
Length: 55 minute, 2-part video series.

Personal data collection and use

personal data collection and use

This training provides an overview of Gramm-Leach-Bliley Act (GLBA) and how it applies in university settings. You’ll learn about our institutional and individual responsibilities for safeguarding sensitive personal and financial data as a financial institution.

The training covers:

  • Key GLBA requirements
  • Roles and responsibilities for UW personnel handling GLBA-covered data
  • How to recognize and manage risks to customer information

Audience

Required for UW personnel who access or manage GLBA-regulated data. Registration is limited to UW personnel who access or manage GLBA-regulated data.

Details

Format: Asynchronous online.
Available: By request.
Length: Approximately one hour.

Introduces new requirements and resources for appropriate use of demographic data for University Personnel. These requirements and resources are aimed at supporting privacy, data governance, and DEI at the UW.

Audience

UW Personnel who work with job applicant or UW personnel data.

Details

Format: Synchronous online.
Available: By request.
Length: 50 minutes.

Introduces a shared vision to use student data—such as interactions on the Canvas learning management system—to improve retention while respecting student privacy and managing risk to the University. This effort includes an appropriate use guide for academic analytics, UW-IT created tools that gather analytics, and online resources for students to provide greater transparency as to when and where their data is collected and for what purpose.

Audience

UW Personnel who work with data about students.

Details

Format: Synchronous online.
Available: By request.
Length: 45 minutes.

Security for IT Professionals

Join other Domain Admins to learn together as we explore BloodHound for understanding your Active Directory operational environment and potential permission drifts and access weaknesses that can lead to a compromise of user and computer accounts.

We’ll cover step-by-step install of BloodHound (Graphing GUI) and how to run SharpHound script (data gathering) on a domain joined Windows machine.

Audience

Domain Admins

Details

Format: Synchronous online.
Available: By request.
Length: Hour and a half.
Requirements:

  • Your own laptop (Mac or Windows) with Firefox browser installed
  • Responsible for administrating an active directory machine.
  • A basic understanding of permissions and windows groups

Get hands-on experience hacking a vulnerable web application. Explore common vulnerabilities such as XSS, SQL injection, and web parameter tampering. This course will incorporate hands-on exercises throughout, including modifying server configurations to learn how to put the above techniques to use.

Who should attend

IT professionals

Details

Format: Synchronous online or in person.
Available: By request.
Length: Three hours.

Requirements:

  • Your own laptop (Mac or Windows) with Firefox browser installed
  • A basic understanding of HTML and JavaScript
  • A basic understanding of HTTP
  • Familiarity with Developer Tools in Firefox

After gaining a foundational understanding of common web app vulnerabilities from Web App Security 101, you’ll explore the browser security model, including features of the modern browser you can immediately apply to reduce the overall risk to your web applications. This course will incorporate hands-on exercises throughout, including modifying server configurations to learn how to put the above techniques to use.

Topics:

  • Same Origin Policy
  • CORS
  • Content Security Policy
  • HTTP Strict Transport Security
  • Subresource Integrity
  • Explicit MIME Types
  • Safer Cookies

Audience

IT Professionals

Details

Prerequisite: Web App Security 101: Thinking Like An Attacker
Format: Synchronous online or in person
Available: By Request.
Length: 5 hours, including 1 hour for lunch.
Register: Event Calendar.
Requirements:

  • Your own laptop (Mac or Windows) with Firefox browser installed
  • A basic understanding of HTML and JavaScript
  • A basic understanding of HTTP
  • Familiarity with Developer Tools in Firefox