
Old Dominion University

Information Technology Standard

05.1.0 IT Security Incident Handling Standard

Date of Current Revision or Creation: October 1, 2021

The purpose of an Information Technology Standard is to specify requirements for compliance with Old Dominion University Information Technology policies, other University policies, and applicable laws and regulations. Standards may include business principles, best practices, technical standards, and migration and implementation strategies that direct the design, deployment, and management of information technology.

  1. Purpose

    The purpose of this standard is to provide guidance on the management, notification, and investigation of IT security incidents at Old Dominion University.

  2. Definitions

    Information Security Officer (ISO) - The Old Dominion University employee, appointed by the President or designee, who is responsible for developing and managing Old Dominion University's information technology (IT) security program.

    Security Incident Handling Requirements identify the steps necessary to respond to suspected or known breaches to IT security safeguards.

    Security Incident Response Team is a designated group of information technology professionals with the responsibility and authority for responding to information security incident reports.

  3. Standards Statement

    Old Dominion University's Security Incident Response Team has the overall responsibility and authority for managing all reported security incidents.

    The ISO should be notified of all computer and network security incidents that may affect the confidentiality, availability and/or integrity of the information technology resources at Old Dominion University.

    Incident Classification

    Security incidents will be classified according to incident categories and severity of incident in order to determine the appropriate response. A security incident classification scheme will be maintained by the Information Security Officer or designee to describe security events and support incident tracking over time.

    Incident Reporting and Detection

    All members of the University community are responsible for promptly reporting suspected or known security incidents, including an observed or suspected security weakness in university systems.

    In addition to reports from the University community, irregular events may be detected that indicate potential security incidents. Detection is a collaborative effort among university and departmental operational staff, IT support, and information security personnel. Controls to deter and defend against cyber-attacks should be identified to best minimize loss or theft of information and disruption of services. Proactive measures based on cyber-attack history and industry data should be used to defend against new forms of cyber-attacks.

    When receiving a report of a suspected or confirmed security incident, the ISO or Security Incident Response Team will gather as much of the following information as possible:

    • Name, affiliation, e-mail address, and phone number of people reporting the incident
    • Description of the suspected security incident
    • Information to help identify the source of the suspicious activity, like an IP address or an e-mail message with full headers
    • Date(s) and time(s) of the suspicious activity
    • Evidence of suspicious activity

    In addition to documenting the initial report, the ISO or Security Incident Response Team will document the incident, initiate appropriate incident handling procedures, and communicate with and provide feedback about the results to appropriate stakeholders once the incident has been handled and closed.

    ODU has established procedures for IT security incident investigation, preservation of evidence, and forensic analysis. When a security incident involves legal action against a person or organization, or a personnel action against an employee, evidence must be collected, preserved, and presented to conform to the rules for evidence specified in the relevant jurisdiction(s).

  4. Procedures, Guidelines & Other Related Information

    Federal and State Law

    University Policy 3500 Policy on the Use of Computing Resources

    University Policy 3505 Information Technology Security Policy

    Incident Reporting Form

  5. History

    Date            Responsible Party       Action
    October 2008    ITAC/CIO                Created
    October 2009    ITAC/CIO                Reaffirmed
    October 2010    ITAC/CIO                Reaffirmed
    October 2011    ITAC/CIO                Reaffirmed
    March 2012      ITAC/CIO                Rewritten
    December 2012   IT Policy Office        Link updated
    August 2013     IT Policy Office        Departmental name updated
    August 2015     IT Policy Office/ISO    Three year review; updated links and definitions.
    December 2018   IT Policy Office        Definitions and links checked
    October 2021    CISO                    Minor edits for clarification
