Your browser does not support JavaScript!

Information Security

Virginia is one of the few states with an enterprise IT infrastructure and the resulting single cybersecurity overview.

A cornerstone of the team is to ensure Virginia and its agencies are making good investments in cyber enhancements while empowering agencies to make better and faster decisions in securing their IT landscapes.

VITA's security and risk management, and the chief information security officer (CISO), are responsible for IT security and risk management for executive branch agencies. The scope includes protection of computer systems and networks from theft of or damage to hardware, software or electronic data, as well as from the disruption or misdirection of the services they provide.

If it's connected, it should be protected

VITA security teams are committed to protecting the Commonwealth's valuable data assets and providing a safe, secure technology environment that enables state agencies to accomplish their respective missions. VITA's security and risk management directorate is tasked with fulfilling this mission and in doing so, offers significant benefits to agencies of the Commonwealth. The team responds to over 30 million cyberattack attempts and blocks more than half a million pieces of malware on the Commonwealth's network every year.


Confidence in the integrity of the data and the systems processes

Assistance in compliance

Assistance in compliance with laws and regulation involving confidentiality

A secure environment

A secure environment in which to perform business activities of the Commonwealth

Identification and protection

Identification and protection of key business functions and services in the event of disaster

Monitoring for intrusions

Monitoring for intrusions and Network "attacks" on Commonwealth systems

The information security directorate develops and manages an ever-changing portfolio of tools and processes designed to secure Commonwealth data and systems.

  • Development and maintenance of standards, policies and procedures
  • Secure infrastructure & technical support
  • Critical infrastructure protection & business continuity
  • Risk management
  • Information security training and awareness
  • Incident management