Old Dominion University

Information Technology Standard

03.1.0 IT Security Awareness Program Guidelines

Date of Current Revision or Creation: December 1, 2020

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, and applicable laws and regulations. Standards may include business principles, best practices, technical standards, and migration and implementation strategies that direct the design, deployment and management of information technology.

  1. Purpose

    The purpose of this guideline is to describe the information security awareness, training, and education program for Old Dominion University.

  2. Definitions

    Data Management Group (DMG) - The group is comprised of representatives of Data Owners and technical leads at the University who are responsible for the review and operational effectiveness of data management policies and procedures.

    Information Security Officer (ISO) - The Old Dominion University employee, appointed by the President or designee, who is responsible for developing and managing Old Dominion University's information technology (IT) security program.

    Information Technology Advisory Council (ITAC) - The institutional committee of faculty and staff charged with the responsibility to advise, review and recommend on matters related to information technology.

    Security awareness training is comprised of formal and informal processes for educating employees and students about the University's policies and procedures for working with information technology.

  3. Standards Statement

    Security awareness, training and education programs at Old Dominion University are aimed at creating an attitude towards a commitment to good security practices and facilitating a climate that views security rules as beneficial to the protection of the University environment.

    The Information Security Officer (ISO) is responsible for developing and maintaining an Information Security Program that includes oversight of a security awareness program to promote security awareness across the campus community.

    Information Security Awareness Training Program

    The IT security awareness program blends formal training with periodic reminders and promotional materials to increase the understanding of vulnerabilities and threats to the University's information systems. Information security training is directed at improving the security skills and competencies of all users and provides specific content based upon specific user roles.

    All users must participate in the security awareness program through training sessions that correspond to role, responsibilities and use of information technology resources. This requirement is a condition of use.

    User Training for All Users

    • General Security Awareness/Initial Account Training
      This course is expected to increase user understanding and sensitivity to threats, vulnerabilities, and the need to protect University and personal information. All users are required to receive this training. This training is delivered on-line and is tied to the account creation process.
    • Account Refresher Training
      This General Security Awareness course is required annually, to refresh user understanding and sensitivity to threats, vulnerabilities, and the need to protect University and personal information. All users are required to receive refresher training, and it is tied to the account renewal process. Users may also elect to receive refresher training as desired.
    • General Community Awareness
      General awareness is broadly available through a variety of methods and media channels. Awareness is provided through guidelines and best practices on the Information Technology Services web site, posting of notices of phishing alerts and other advisories, through awareness messages, periodically in posters, brochures, email, newsletters, flyers, giveaways, on mouse pads in computer laboratories and by videos and telecasts on Monarch Vision TV. Efforts to increase awareness using social media are ongoing. Security policies and standards are published. An online awareness page shares best practices. Security staff provide presentations to groups upon request. The ITS Help Desk staff incorporate security information into routine contacts with customers.
    • Instructor-led Topical Training
      Special topic presentations designed to address specific security training needs are provided. Sessions may be voluntary and are focused on a narrow topic, such as Internet Safety, Social Networking Security, 2-factor authentication, or Cyber Self Defense.
    • Cyber Security Event
      Along with other institutions, each October, Old Dominion University participates in the National Cyber Security Alliance's National Cyber Security Awareness Month campaign to raise awareness about cyber security and online safety by highlighting precautions users can take to help protect themselves online.

    Training for Security Roles

    • IT Security Administrator Training
      Training for those who manage, administer, operate, and design IT systems is conducted via conferences, formal training, or informal training opportunities annually as practicable and necessary.
    • Security Review and Consultation
      Staff from the IT Security office are available to consult with campus users on risk assessments, application reviews, vulnerability scans, rights management and information on security best practices.

    Employee Roles

    • Employee Security Awareness Training
      This course provides an overview of compliance and is designed to explain employee responsibilities to security. Attention to IT Security policy and standards is provided with special focus on handling of sensitive data. This training is usually delivered on-line and is tied to the account management process.
    • New Employee Orientation
      Basic information and training materials are provided to new employees as a part of their orientation to the University.

    Specialized Roles

    • New Student Orientation
      Basic information and training materials are provided to new students as a part of their orientation to the University.
    • Remote Users Security Training
      This course provides an overview of employee responsibilities when connecting to information resources from a remote location. Attention to IT Security policy and standards, securing the workstation, handling of sensitive data and incident reporting is provided. This training is delivered on-line and is tied to the VPN account management process.
    • Restricted System Owner Training
      System owners for systems with sensitive data or business function have an annual meeting with the ITS Security Office to review their roles and responsibilities and to refresh their system risk assessment, which constitutes a role-based awareness opportunity for this role.
    • Disaster Recovery Team Training
      Annual table-top exercises, weather events or cyclical planning exercises are included in awareness efforts. Major storms, business continuity events, or Business Impact Analysis events allow for training and awareness for aspects of the Information Security Program, and related policies and procedures. These opportunities are designed to prepare the members of the Disaster Recovery Team and broader audiences to effectively function in their roles by having a good understanding of the ODU IT Business Impact Analysis and Disaster Recovery Plan.
    • Specialized User Communication
      Formal distribution lists or other communication methods are used to dispense information to special user populations. Information is focused on policies, standards, procedures, skills, tools, etc. needed to perform their specific role or function. Specialized populations may include Campus Residents, System Administrators, Data Owners, System Owners, the Data Management Group and the Information Technology Advisory Council.
  4. Procedures, Guidelines & Other Related Information

    University Policy 3500 - Policy on the Use of Computing Resources

    University Policy 3505 - Information Security Policy

    Information Technology Security Program

    Safe Computing Practices web site

  5. History

    | Date | Responsible Party | Action |
    |---|---|---|
    | October 2008 | ITAC/CIO | Created |
    | October 2009 | ITAC/CIO | Reaffirmed |
    | October 2010 | ITAC/CIO | Reaffirmed |
    | October 2011 | ITAC/CIO | Reaffirmed |
    | March 2012 | ITAC/CIO | Reaffirmed |
    | December 2012 | IT Policy Office | Numbering revision; departmental name update |
    | August 2015 | IT Policy Office/ISO | Three year review, updated roles, groups, links. |
    | December 2018 | IT Policy Office | Definitions and links checked |
    | December 2020 | IT Security Office | Minor update for ensuring consistency with established practices |
