Happy Campuses

CampusWorks Partners with Virginia's Community College System

Virginia's Community College System Cybersecurity
Shared Services

Happy Campus:
Virginia Community Colleges System

  • Colleges: 23
  • Campuses: 40
  • Students: 211,976 total degree/diploma-seeking students

Strengthening Cybersecurity

CampusWorks Partners with Virginia’s Community College System (VCCS)

Virginia’s Community Colleges System (VCCS), encompassing 23 community colleges and a System Office, has a mission-driven focus to give everyone the opportunity to learn and develop the right skills so lives and communities are strengthened. To better support its mission through enhanced operational efficiency and resource allocation, VCCS established the Shared Services Center in 2016. This initiative aimed to streamline transaction-based functions, save costs through efficiency, leverage technology for accuracy, and provide consistent, high quality services across all VCCS institutions, irrespective of their size.



VCCS’s Chief Information Officer (CIO) identified a critical challenge with the System’s shared services model, observing that it was only as robust as its weakest link. While the arrangement offered many benefits, it also exposed all entities to cybersecurity risks due to lack of uniformity in security practices across the institutions.


Partnership with CampusWorks

To address these cybersecurity concerns, VCCS partnered with CampusWorks, known for spearheading initiatives and enhancing unity within state systems. The partnership focused on conducting a comprehensive Cybersecurity Risk Assessment and leading remediation efforts for a unified cybersecurity approach across VCCS’s 23 community colleges, the System Office, and the Shared Services Center.



CampusWorks utilized a three-part Cybersecurity Risk Assessment Methodology, based on National Institute of Standards and Technologies (NIST) and Center for Internet Security (CIS) standards, encompassing governance, risk management, and controls. This methodology provided a comprehensive view of VCCS’s cybersecurity posture, identifying strengths and areas needing improvement.


  1. Governance

    Assessment of how cybersecurity is managed, based on NIST standards.

  2. Risk Management

    Evaluation of risk identification, assessment, and management processes, based on CIS standards.

  3. Controls

    Review of technical and procedural controls based on CIS v8 Control Suite



► Each VCCS entity received a comprehensive report detailing the assessment team’s findings and recommendations for establishing a robust and unified approach to information security.
► By implementing these recommendations in unison, all VCCS entities will enhance their collective ability to defend against an ever-increasing range of cyber threats, secure their sensitive data, and ensure regulatory compliance.
► The forthcoming implementation of the remediation plan will involve key initiatives, such as establishing a central security authority, developing a Security Governance Program, adopting best practices system-wide, and creating a focused compliance strategy.
► The partnership with CampusWorks will not only strengthen VCCS’s cybersecurity defenses but will also reduce its risk of breaches and maintain cybersecurity insurance at a favorable premium.


Looking Forward

The collaboration between VCCS and CampusWorks exemplifies a strategic approach to addressing cybersecurity challenges in a multi-institution system leveraging shared services. By implementing a comprehensive, customized remediation plan, VCCS will significantly enhance its cybersecurity posture, aligning with industry best practices and creating a model for other educational systems to follow.

The CampusWorks team’s performance on a systemwide security assessment for the Virginia Community College System was collaborative, comprehensive, insightful, and well-executed. The evaluation was hands-on and in-theweeds technical, and the team was thorough and knowledgeable, providing action-oriented feedback to improve the organization’s security posture. The VCCS now has a clear roadmap and a prioritized plan for achieving our security goals.

~Mike Russell, Ed.D., CIO, Virginia Community College System


VCCS’s shared services model exposed all entities to cybersecurity risks due to lack of uniformity in security practices across institutions.

CampusWorks Partnership

► Systemwide Cybersecurity Risk Assessment
► Cybersecurity Remediation



► Shared best practices
► Comprehensive remediation plan
► Enhanced cybersecurity defense
► Reduced breach risk