Information Security Services

Security Standards Exception Reporting

Exceptions to the Statewide Information Security Manual may be reported using an Exception Request Form.

Vendor Readiness Assessment Report

This template should be used when engaging vendors for solutions that are both hosted on the State's infrastructure (e.g. EDC or WDC) and those that are not hosted on the state's infrastructure, such as Infrastructure as a Service, Platform as a Service and Software as a Service. The document captures the “baseline” security requirements that MUST be addressed by vendors to ensure the security of the State’s data. Agencies may add additional requirements due to Federal or other statutory mandates.

• Vendor Readiness Assessment Report

Incident Management

North Carolina government agencies handle security breaches and other incidents involving information technology under the terms and conditions of the Memorandum of Understanding for Information Security Threat Responsibilities.

Organizations that provide information on the development and operation of incident management plans are listed below:

• Forum of Incident Response and Security Teams
• SANS Information Reading Room
• Subscribe to ESRMO Security and Vulnerability Alerts Mailing List
• InfraGard

Information Security Incident Reporting

• N.C.G.S. 143B-1379 State Agency Cooperation
• Statewide Information Security Reporting Form

Emergency Alerts

The following links provide a clearinghouse of information on new and existing vulnerabilities:

• Cybersecurity and Infrastructure Security Agency
• SANS Internet Storm Center
• Multi-State Information Sharing and Analysis Center
• Department of Energy Cyber Incident Response Capability

Antivirus Tools & Updates

The latest vendor patches, virus alerts, updates and hoax information:

• Trend Micro
• Symantec
• McAfee
• Hoax Verification
• Microsoft

Security Documentation

Online Security Documentation

• NSI
• NIST Publications

Organizations

• International Information Systems Security Certification Consortium
• Information Systems Security Association
• Information Systems Audit and Control Association
• National Institute of Standards and Technology
• National Security Agency
• KnowBe4
• SANS Institute
• University of North Carolina at Charlotte
• Cybersecurity and Infrastructure Security Agency
• National Cybersecurity Alliance