The Enterprise Security and Risk Management Office offers information security consulting and support services to help state agencies safeguard citizens' data and meet the requirements of the security standards legislation (N.C.G.S. 143B-1376-1378) and other legal and regulatory requirements.
- Security manual development and ongoing review of statewide policies, standards and procedures
- Security training and awareness activities and materials
- Coordination of required agency security liaison support role
- Review of statewide and agency projects/initiatives for adequate information security risk mitigation provisions
- Enterprise purchasing contracts for security-related components
- Use of a standards-based approach to security and risk management
- Increased understanding and awareness of information security matters that will improve an agency's security posture
- Active participation in the integration of agency-level and state-level security processes
Hours of Availability
- The services are available from 7 a.m. to 6 p.m., Monday through Friday, except for holidays.
- On-call staffing is available for emergencies and after-hours scheduled work.
- In the event the agency seeks vulnerability or port scanning, the scanning activity will be conducted within the customer's maintenance window unless other arrangements are made.
- Emergency maintenance windows will be handled using the urgent change process.
Business Continuity and Disaster Recovery Plans
- Identify critical agency business systems and applications.
- Implement agency data classification, retention and handling measures based on legal and regulatory requirements as required by statute.
- Follow appropriate incident reporting procedures, including cybersecurity incident reporting, as required by statute.
- Follow standard processes and procedures for cybersecurity incident reporting.
- Request and schedule special services (e.g., installation of new equipment, after-hours support) well in advance of the required date.
- Be aware of and comply with the security standards, policies and procedures established by the state chief information officer, as well as N.C. Department of Information Technology policies for NCDIT-provided services, such as email and network.
- Be available to provide critical information to assist in the resolution of cyber incidents.
- Provide agency staff to support, advise and assist with agency information security matters.
- Assess, manage and mitigate agency information security risk.
- Define and implement appropriate agency internal security policies, standards and procedures.
- Provide security training to agency staff.
- Define and implement agency internal information security incident plans and procedures and integrate with the statewide cybersecurity incident plan.
- Provide internal agency security incident response oversight.
- Develop and follow agency-level project plans to implement agency-level security.
How Do We Charge?
The Enterprise Security and Risk Management Office does not currently charge for this service.
Request Any Service
Contact the NCDIT Service Desk:
Phone: 919-754-6000 or 1-800-722-3946
Or file a service ticket in the NCDIT Service Portal.