The Enterprise Security and Risk Management Office (ESRMO) provide leadership in the development, delivery and maintenance of an information security program that safeguards the state's information assets and the supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. The ESRMO supports a comprehensive statewide program that encompasses information security implementation, monitoring, threat and vulnerability management, and incident management. The ESRMO works with executive branch agencies to help them comply with security statutes, the statewide technical security architecture, security policies, industry best practices, and other regulatory requirements. Working with state agencies, federal and local governments, citizens and private sector businesses, ESRMO helps to manage risk to support secure and sustainable information technology services to meet the needs of our citizens.
Objectives
Protect confidentiality, integrity and availability of citizen’s data
Data is classified according to state law.
Data is encrypted when appropriate.
Ensure data is not compromised.
Data is available when required by citizens, agencies, or application.
Promote secure information technology operations environment
Coordinate incident response between the interested parties.
Statewide program for vulnerability management.
Disseminate information about protective measures to take against existing and upcoming security threats.
Provide training of North Carolina technology employees in the area of information security.
Help to create and sustain information security awareness programs.
Coordination / Communication
Work with agencies to disperse information concerning security incidents
Work with State and Federal law enforcement as required
Provide input on security for statewide information technology projects
Coordinate statewide security communication
Identify and provide guidance on risk management, and business continuity/COOP and audits
Provide assistance and consultation on IT risk management, and business continuity plans/COOP
Facilitate and coordinate audits/assessments of information technology infrastructure.
Support enterprise business continuity software
Provides reasonable assurance that IT security objectives are being achieved
Contact ESRMO Staff Enterprise Security and Risk Management Office PO Box 17209, Raleigh, NC 27619-7209