Risk Assessment
ITS maintains many standards that support the Information Security Program at ODU. (They can all be found here.) The IT Security Roles and Responsibilities standard describes responsibilities for those who own on-premises systems or contracts for hosted applications, those who are responsible for data ownership, and those who are responsible for data administration. As more services are hosted in the cloud, the roles of the contract administrator (acting as the system owner), the data owner and the data administrator become key to ensuring the security of the data that is being hosted.
Roles & Responsibilities
Risk Assessment is the process that will benefit both the individual department and the university as a whole. Completing such an analysis/assessment is extremely important in today's advanced technological world. It is important that users understand what risks exist in their information assets environment, and how those risks can be reduced or even eliminated.
Departments should conduct risk assessments and plans, in conjunction with data owners, every three years using the information from the IT Risk Assessment Standard.
Data Classification
All institutional data is owned by Old Dominion University. As such, all members of the University community have an obligation to appropriately secure and protect the asset in all formats and in all locations.
Software Decision Analysis
Before a new piece of software is introduced at ODU, ITS needs to review it for compatibility and security, especially if it will require the collection of personal data, the use of ITS systems and resources, or ongoing maintenance by ITS.