Defending North Carolina's IT Assets

In the digital world, we are continuously vulnerable to cybercrime and security threats that harm residents, institutions, businesses and the economy.

Mission

The State Chief Information Officer is responsible for securing North Carolina’s information assets, including data and the supporting infrastructure.

The N.C. Department of Information Technology’s Enterprise Security and Risk Management Office supports the state CIO by providing leadership in the development, delivery and maintenance of a cybersecurity program that safeguards North Carolina’s information and supporting infrastructure against unauthorized use, disclosure, modification, damage or loss.

This comprehensive statewide cybersecurity program encompasses:

  • Information security implementation
  • Monitoring
  • Threat and vulnerability management
  • Cyber incident management
  • Enterprise business continuity management

ESRMO works with executive branch agencies to help them comply with requirements that include:

  • Legal and regulatory requirements
  • Statewide technical architecture
  • Industry best practices

It also works with state agencies, federal and local governments, citizens and private-sector businesses to help manage risk to support secure and sustainable information technology services to meet the needs of North Carolinians.

Objectives

ObjectiveDescription
Protect the confidentiality, integrity and availability of North Carolina residents’ data
  • Ensure data is classified and retained, according to state law
  • Ensure data is encrypted, when appropriate
  • Ensure data is not compromised
  • Ensure data is available when required by citizens, agencies or applications
Promote a safe and secure information technology operations environment
  • Coordinate incident response between interested parties
  • Manage the statewide program of threat and vulnerability management
  • Disseminate information about protective measures for security and business continuity threats
  • Provide training to North Carolina employees in cybersecurity, risk, compliance and business continuity
  • Help create and sustain information security and risk management awareness programs
Coordinate information sharing and communication
  • Work with agencies to disperse information about risks and security incidents
  • Work with state, local and federal agencies, as required
  • Advise on risk management and security for statewide information technology projects
  • Coordinate statewide security and risk management communication
Identify and provide guidance on business continuity management
  • Assist with and consult on business continuity risk assessment, and business continuity, disaster recovery and continuity of operations plans
  • Facilitate and coordinate audits and assessments of IT infrastructure
  • Support enterprise business continuity management
  • Provide reasonable assurance that continuity of operations and continuity of government objectives are being achieved

 

Our Value

The value of ESRMO lies in delivering enterprise-level cybersecurity, risk management, and operational resilience for North Carolina. This comprehensive cybersecurity program protects critical infrastructure, ensures compliance, mitigates cyber threats and fosters trust in digital services for agencies, municipalities, educational institutions, third-party vendors and residents. ESRMO safeguards state systems against unauthorized use, disclosure, modification, damage or loss.

ESRMO value diagram
Off