Skip to main content

Cornell University

Annual Cybersecurity Awareness Training

On This Page

Why Cybersecurity Training?

Protecting Cornell data, including that of faculty, staff, and students, is a shared responsibility. While extensive technical safeguards reduce our risk considerably, the university's best defense continues to be a well-informed community that knows how to recognize and guard against cybersecurity attacks and threats. Organizations like Cornell are required to provide annual cybersecurity awareness training.

This self-paced training — ITSO100 (for staff) and ITSO101 (for faculty) — helps you recognize threats to both Cornell’s and your data and provides strategies to help you protect the institution and yourself from cyber-criminals. It also establishes an institution-wide baseline for cybersecurity awareness that, if practiced well, reduces cybersecurity risks overall and meets federal and state regulations covering cybersecurity.

The goals of this training are to:

  • Improve your awareness of cybersecurity risks and discover strategies to mitigate them.
  • Improve your ability to respond to cybersecurity incidents and to know where to go for help.
  • Familiarize you with services offered by Cornell to help protect individual and university data and systems.

Tips for Taking the Training

The training will be automatically assigned to you, and you will receive email from CULearn prompting you to take it. You can also find the training by going to CULearn and clicking the Me tab. If you haven't yet completed the training, you will see it listed on your plan. You can also search for "cybersecurity awareness".

For the best experience:

  • Use Chrome as your web browser and disable popup blockers
  • Log in using your Cornell NetID as your username. Do not use Cornell email aliases or other email addresses.
  • The training is intentionally brief.
    • Staff: Plan for 15-20 minutes to take the training (called ITSO100), and be sure that you answer the five quiz questions correctly to receive a score of 100 and be recorded as complete. You can take the quiz repeatedly.
    • Faculty: Plan for 10 minutes to take the training (called ITSO101), and complete the Yes/No acknowledgement at the end.
  • It may take up to 48 business hours for your record to show that you completed the training.

Consequences of Not Completing the Training

Annual cybersecurity training is mandatory for all Cornell employees. Individuals have 45 days to complete the training from the date it is assigned, and will receive several email messages.

If you do not complete the training by the 45-day deadline, you see a warning page for the next 7 days when you try to log in to many Cornell applications and websites. After that 7-day extension, if you still have not completed the training, you will be unable to sign in to many university applications and websites. These restrictions may impact your ability to complete some or many of your job responsibilities. Disciplinary protocols may be considered with guidance from your HR representative.

Please contact the IT Service Desk if you believe your completion record is incorrect.

Managers and Leaders: Review Department Compliance

Managers, leaders, and HR representatives can review the cybersecurity training compliance status for their team (or for leaders and HR representatives, their college or unit) through the Workday report titled "Cybersecurity Awareness Training Is Overdue by Supervisory Organization." See this job aid for details. Managers will also receive Workday inbox notifications about those have not completed the training.

Get Help

If you are having trouble accessing the training, believe you already took it, or have other questions, please contact the IT Service Desk.


To share feedback about this page or request support, log in with your NetID

At Cornell we value your privacy. To view
our university's privacy practices, including
information use and third parties, visit University Privacy.