ESRMO Initiatives

An enterprise approach optimizes IT security and risk management activities performed at the statewide level, allowing North Carolina to gain economies of scale and helping to ensure security program consistency.

To support agencies’ efforts to improve their information security and risk management posture, the state has created an enterprise IT fund and allocated a portion of those funds to help define and implement the following enterprise security and risk management initiatives coordinated for the state chief information officer by the N.C. Department of Information Technology’s Enterprise Security and Risk Management Office.

Statewide Security Policies, Standards & Procedures Framework

North Carolina builds and maintains the state policy standards and procedures framework to ensure that all agencies have a common baseline of PSPs within the National Institute of Standards and Technology 800-53 standards framework.

Learn More

Enterprise Security & Risk Management Training

The statewide security and risk management training and awareness program addresses a wide range of needs from general staff awareness to specific training for information security and business continuity management professionals.

Learn More

Purchase & Deployment of Security and Risk Management Technologies

North Carolina benefits from an enterprise approach to the purchase and deployment of security technologies as the state technology infrastructure is upgraded to support information technology consolidation.

Learn More

Statewide Information Security Threat Management & Incident Response

The ESRMO operates a threat management team to raise awareness of cyberthreats and improve cyber incident response.

Learn More

Enterprise Approach for IT Business Continuity Management

State agencies benefit from an enhanced, standardized and centrally managed business continuity management planning tools that support statewide IT infrastructure and services.

Learn More