Information Security Services
Security Standards Exception Reporting
Exceptions to the Statewide Information Security Manual may be reported using an Exception Request Form.
Vendor Readiness Assessment Report
This template should be used when engaging vendors for solutions that are both hosted on the State's infrastructure (e.g. EDC or WDC) and those that are not hosted on the state's infrastructure, such as Infrastructure as a Service, Platform as a Service and Software as a Service. The document captures the “baseline” security requirements that MUST be addressed by vendors to ensure the security of the State’s data. Agencies may add additional requirements due to Federal or other statutory mandates.
Incident Management
North Carolina government agencies handle security breaches and other incidents involving information technology under the terms and conditions of the Memorandum of Understanding for Information Security Threat Responsibilities.
Organizations that provide information on the development and operation of incident management plans are listed below:
- Forum of Incident Response and Security Teams
- SANS Information Reading Room
- Subscribe to ESRMO Security and Vulnerability Alerts Mailing List
- InfraGard
Information Security Incident Reporting
Emergency Alerts
The following links provide a clearinghouse of information on new and existing vulnerabilities:
- Cybersecurity and Infrastructure Security Agency
- SANS Internet Storm Center
- Multi-State Information Sharing and Analysis Center
- Department of Energy Cyber Incident Response Capability
Antivirus Tools & Updates
The latest vendor patches, virus alerts, updates and hoax information:
Security Documentation
Online Security Documentation
Organizations
- International Information Systems Security Certification Consortium
- Information Systems Security Association
- Information Systems Audit and Control Association
- National Institute of Standards and Technology
- National Security Agency
- KnowBe4
- SANS Institute
- University of North Carolina at Charlotte
- Cybersecurity and Infrastructure Security Agency
- National Cybersecurity Alliance