[Strategic Plan For Information Security]
[Enterprise Security and Risk Management Initiatives]
Information Security Services
[Statewide Policies and Guidelines]
[Security Standards Deviation Reporting]
[Antivirus Tools and Updates]
[Information Security Portal]
[Security Documentation]
[2004 Security Assessment]
[Emergency Alerts]
[Incident Management]
[Information Security Incident Reporting]
[NC-ISAC]
Risk Management Services
[Continuity of Operations and IT Business Continuity]
[Risk Management Program ]
[Business Continuity Software Updates and Training]
[Report to the General Assembly on Business Continuity and Disaster Recovery]
Internal Audit Services
[Internal Audit Charter]
[State Chief Information Officer]
[Office of Information Technology Services]
The Enterprise Security and Risk Management Office (ESRMO) provide leadership in the development, delivery and maintenance of an information security program that safeguards the state's information assets and the supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. The ESRMO supports a comprehensive statewide program that encompasses information security implementation, monitoring, threat and vulnerability management, and incident management. The ESRMO works with executive branch agencies to help them comply with security statutes, the statewide technical security architecture, security policies, industry best practices, and other regulatory requirements. Working with state agencies, federal and local governments, citizens and private sector businesses, ESRMO helps to manage risk to support secure and sustainable information technology services to meet the needs of our citizens.
Objectives
- Protect confidentiality, integrity and availability of citizen’s data
- Data is classified according to state law.
- Data is encrypted when appropriate.
- Ensure data is not compromised.
- Data is available when required by citizens, agencies, or application.
- Promote secure information technology operations environment
- Coordinate incident response between the interested parties.
- Statewide program for vulnerability management.
- Disseminate information about protective measures to take against existing and upcoming security threats.
- Provide training of North Carolina technology employees in the area of information security.
- Help to create and sustain information security awareness programs.
- Coordination / Communication
- Work with agencies to disperse information concerning security incidents
- Work with State and Federal law enforcement as required
- Provide input on security for statewide information technology projects
- Coordinate statewide security communication
- Identify and provide guidance on risk management, and business continuity/COOP and audits
- Provide assistance and consultation on IT risk management, and business continuity plans/COOP
- Facilitate and coordinate audits/assessments of information technology infrastructure.
- Support enterprise business continuity software
- Provides reasonable assurance that IT security objectives are being achieved