About VASCAN:

Who we are:

The Alliance brings together Virginia higher education security practitioners who developed and maintain security programs widely emulated by other institutions, and researchers who create cybersecurity instruction and research programs nationally recognized for excellence. VASCAN is made up of security professionals from George Mason University, James Madison University, the University of Virginia, Virginia Tech, and the Virginia Commonwealth University as well as researchers and staff from the Center for Security Information Systems at George Mason University, the Institute for Infrastructure and Information Assurance at James Madison University, and the joint George Mason/James Madison Critical Infrastructure Protection Project.

The Alliance benefits to the Commonwealth are:

• immediate gains realized by leveraging field-proven security tools and best practices and staff expertise; and
• future improvements brought about through close linkages of these existing methods and knowledgebase with cybersecurity research, instruction, and federal and state government initiatives.

In addition, the members agree the operational activities of the alliance should be guided by these principles:

• We will teach and guide clients to develop and maintain strong security programs; we will not develop and maintain programs for them.
• We will base alliance offerings on state and federal standards, and those offerings will support the objectives of federal and state information sharing.
• Our offerings will reflect the business need to balance security risks and other organizational priorities.
• Our offerings will promote the notion that security is not just a technical issue. It is a concern should be transfused into everything an organization does.
• Research will be used to keep offerings on the cutting edge.
• Cooperation will transcend competition.

What we do:

VASCAN began offering products and services in March of 2003. These offerings are based upon the principle that the most lasting improvements to security programs can be made not by performing security functions for organizations, but rather by educating and guiding management and staff teams in defining and carrying out their own security strategies and ongoing security operations. Initial offerings include:

• Security instructional materials and on-site training
• Consulting in the forms of an "ask the expert" email service and on-site consulting engagements on a variety of security topics
• A web-based toolkit of security tools and best practices
• A self-assessment checklist for Commonwealth of Virginia security standards
• Information resources provided through:
  • a moderated mail list for general security discussions,
  • a VA-CIRT group for tracking new threats,
  • periodic information sharing meetings and workshops, and
  • linkages to other information sources

Researchers affiliated with VASCAN are developing a comprehensive secure university model responsive to Commonwealth and Federal security regulations and guidelines. When completed, this research will drive further development of alliance products and services.

VASCAN partners are advised by representatives from other Virginia institutions. Advisor institutions currently include: