The College has adopted the policies, models, standards, and guidelines set forth by the Virginia Community College System (VCCS) Information Security Program. This, along with College-specific supporting documentation, constitutes the College’s Information Technology Security Plan.
VCCS governance considers it essential to communicate its information security requirements throughout the organization to all users in a form that is relevant, accessible, current, and understandable to any reader. Standards are applicable to all organizations that comprise the Virginia Community College System (VCCS), including the System Office, the Shared Services Center, and all Community Colleges, and to all persons directly or indirectly employed by the VCCS, including student employees, faculty, adjunct faculty, staff, and contract personnel.
The College has chosen the website as the communication vehicle for faculty and staff. College-specific information technology security documents are available on the CAMP Information Technology website.
Security controls are the management, planning, technical, and operational safeguards and security measures that ensure the College’s confidential and sensitive information is secure, that data remains intact, and that College services remain available to our patrons. These resources are vulnerable to being rendered unusable or crippled due to sabotage, human error, and natural disasters. To preserve the integrity of information technology resources, all areas of the College must contribute to the appropriate level of protection of these mission-critical resources. The primary areas of focus for security controls that significantly reduce threats are:
| 4 – Risk Management | 12 – Operations Security |
| 5 – Information Security Program | 13 – Communications Security |
| 6 – Organization of Information Security | 14 – System Acquisition, Development & Maintenance |
| 7 – Personnel Information Security | 15 – External Party Relationships |
| 8 – Asset Control | 16 – Incident Management |
| 9 – Access Control | 17 – Business Continuity Management |
| 10 – Cryptography | 18 – Compliance |
| 11 – Physical and Environmental Security | 19 – Cloud Services |
| 20 – Office 365 Standards | |
The College constantly works to neutralize, or minimize, all known vulnerabilities identified via the risk assessment of information technology resources and environment. Some risk is inevitable in conducting business; the College recognizes that it functions in this environment and strives to provide services while instituting reasonable protective measures. The College will determine funding sources during planning to rectify, where applicable, any non-compliance with ISO/IEC 27002:2013(E) identified by the Business Impact Analysis and the Risk Assessment for Information Technology Infrastructure.
Contact the College Information Security Officer for further information or questions on the College Information Technology Security Plan.