[Strategic Plan for Security and Risk Management]
[Enterprise Security and Risk Management Initiatives]
Information Security Services
[Security Consulting]
[Statewide Policies and Guidelines]
[Security Standards Deviation Reporting]
[Antivirus Tools and Updates]
[Information Security Portal]
[Security Documentation]
[2004 Security Assessment]
[Emergency Alerts]
[Incident Management]
[Information Security Incident Reporting]
[NC-ISAC]
[Cyber Security Awareness]
Risk Management Services
[Continuity of Operations and IT Business Continuity]
[Risk Management Program ]
[Business Continuity Software Updates and Training]
[Intergovernmental Preparedness for Essential Records (IPER)]
[Report to the General Assembly on Business Continuity and Disaster Recovery]
Audit and Compliance Services
[Internal Audit Charter]
[Mission Statement]
[Services Statement]
[Scope Statement]
[Special Projects]
[Ethics and Standards]
[State Chief Information Officer]
[Office of Information Technology Services]
Mission
The Enterprise Security and Risk Management Office (ESRMO) provides leadership in the development, delivery and maintenance of an information security and risk management program that safeguards the state's information assets and the supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. The ESRMO supports a comprehensive statewide program that encompasses information security implementation, monitoring, threat and vulnerability management, cyber incident management, and enterprise business continuity management. The ESRMO works with executive branch agencies to help them comply with legal and regulatory requirements, the statewide technical architecture, policies, industry best practices, and other requirements. Working with state agencies, federal and local governments, citizens and private sector businesses, ESRMO helps to manage risk to support secure and sustainable information technology services to meet the needs of our citizens.
Objectives
- Protect confidentiality, integrity and availability of citizen’s data
- Data is classified and retained according to state law
- Data is encrypted when appropriate
- Ensure data is not compromised
- Data is available when required by citizens, agencies, or application
- Promote a safe and secure information technology operations environment
- Coordinate incident response between the interested parties
- Statewide program of threat and vulnerability management
- Disseminate information about protective measures for security and business continuity threats
- Provide training to North Carolina employees in information security, risk, compliance and business continuity
- Help to create and sustain information security and risk management awareness programs
- Coordination / Communication
- Work with agencies to disperse information concerning risks and security incidents
- Work with state, local, and federal agencies as required
- Advisor on risk management and security for statewide information technology projects
- Coordinate statewide security and risk management communication
- Identify and provide guidance on risk management, business continuity planning, audits and compliance
- Provide assistance and consultation on IT risk management, and business continuity plans/COOP
- Facilitate and coordinate audits/assessments of information technology infrastructure
- Support enterprise business continuity management
- Provides reasonable assurance that IT security, risk and compliance objectives are being achieved