Strengthening Cybersecurity

CampusWorks Partners with Virginia’s Community College System (VCCS)

Virginia’s Community Colleges System (VCCS), encompassing 23 community colleges and a System Office, has a mission-driven focus to give everyone the opportunity to learn and develop the right skills so lives and communities are strengthened. To better support its mission through enhanced operational efficiency and resource allocation, VCCS established the Shared Services Center in 2016. This initiative aimed to streamline transaction-based functions, save costs through efficiency, leverage technology for accuracy, and provide consistent, high quality services across all VCCS institutions, irrespective of their size.

Challenge

VCCS’s Chief Information Officer (CIO) identified a critical challenge with the System’s shared services model, observing that it was only as robust as its weakest link. While the arrangement offered many benefits, it also exposed all entities to cybersecurity risks due to lack of uniformity in security practices across the institutions.

Partnership with CampusWorks

To address these cybersecurity concerns, VCCS partnered with CampusWorks, known for spearheading initiatives and enhancing unity within state systems. The partnership focused on conducting a comprehensive Cybersecurity Risk Assessment and leading remediation efforts for a unified cybersecurity approach across VCCS’s 23 community colleges, the System Office, and the Shared Services Center.

Methodology

CampusWorks utilized a three-part Cybersecurity Risk Assessment Methodology, based on National Institute of Standards and Technologies (NIST) and Center for Internet Security (CIS) standards, encompassing governance, risk management, and controls. This methodology provided a comprehensive view of VCCS’s cybersecurity posture, identifying strengths and areas needing improvement.

1. Governance

   Assessment of how cybersecurity is managed, based on NIST standards.

2. Risk Management

   Evaluation of risk identification, assessment, and management processes, based on CIS standards.

3. Controls

   Review of technical and procedural controls based on CIS v8 Control Suite

Results

► Each VCCS entity received a comprehensive report detailing the assessment team’s findings and recommendations for establishing a robust and unified approach to information security.
► By implementing these recommendations in unison, all VCCS entities will enhance their collective ability to defend against an ever-increasing range of cyber threats, secure their sensitive data, and ensure regulatory compliance.
► The forthcoming implementation of the remediation plan will involve key initiatives, such as establishing a central security authority, developing a Security Governance Program, adopting best practices system-wide, and creating a focused compliance strategy.
► The partnership with CampusWorks will not only strengthen VCCS’s cybersecurity defenses but will also reduce its risk of breaches and maintain cybersecurity insurance at a favorable premium.

Looking Forward

The collaboration between VCCS and CampusWorks exemplifies a strategic approach to addressing cybersecurity challenges in a multi-institution system leveraging shared services. By implementing a comprehensive, customized remediation plan, VCCS will significantly enhance its cybersecurity posture, aligning with industry best practices and creating a model for other educational systems to follow.