1.0 Purpose
1.1 To communicate to all Germanna Community College employees including student employees and contract personnel that the College has adopted the policies, models, standards, and guidelines set forth by the Virginia Community College System (VCCS) Information Security Program. This, along with College-specific supporting documentation, constitutes the College’s Information Technology Security Plan.
2.0 Policy
2.1 VCCS governance considers it essential to communicate its information security requirements throughout the organization to all users in a form that is relevant, accessible, current, and understandable to any reader.
2.2 Standards are applicable to all organizations that comprise the Virginia Community College System (VCCS) including the System Office, the Shared Services Center, and all Community Colleges and to all persons directly or indirectly employed by the VCCS including student employees, faculty, adjunct faculty, staff, and contract personnel.
2.3 Security controls: The purpose of security controls is to perform the tasks in the management, planning, technical, and operational safeguards and security measures to ensure the College’s confidential and sensitive information is secure, that data remains intact, and that College services remain available to our patrons. These resources are vulnerable to being rendered unusable or crippled due to sabotage, human error, and natural disasters. To preserve the integrity of information technology resources, all areas of the College must contribute to the appropriate level of protection of these mission critical resources. The primary areas of focus for security controls which significantly reduce threats are provided below in Section 5. References.
3.0 Procedures
3.1 The College has chosen the Intranet as the communication vehicle for faculty and staff. College-specific information technology security documents are available on GCentral.
3.2 Faculty and Staff will use their Germanna Computer Credentials to log into GCentral to view the Information Technology Security Plan control documents.
4.0 Definitions
5.0 References
- 04 – Risk Management
- 05 – Information Security Program
- 06 – Organization of Information Security
- 07 – Personnel Information Security.
- 08 – Asset Management
- 09 – Access Control
- 10 – Cryptography
- 11 – Physical and Environmental Security
- 12 – Operations Security
- 13 – Communications Security
- 14 – System Acquisition Development and Maintenance
- 15 – External Party Relationships
- 16 – Incident Management
- 17 – Business Continuity Management
- 18 – Compliance
- 19 – Public Cloud Services
- 20 –Office 365
6.0 Point of Contact
College Information Security Officer (ISO)
7.0 Approval and Revision Dates
Leadership Council: First Reading Date - 02/25/21; Approval Date - 03/25/21