Skip to main content
NCDIT logo NCDIT

Topical Navigation

  • Home
  • Services
  • Programs
    Programs
    • Broadband & Digital Equity
    • CJLEADS
    • Privacy & Data Protection
    • IT Volume Purchasing
    • FirstTech
    • N.C. 911 Board
    • N.C. Health Information Exchange Authority
    • NC360
    • Project Portfolio Management
    • Optimization
  • Resources
    Resources
    • Cybersecurity & Risk Management
    • Statewide IT Strategic Plan
    • Statewide IT Procurement
    • State IT Policies
    • IT Application Portfolio Management
    • Standards
    • Resources Guide
    • Knowledge College
    • Documents
    • Reports
  • About
    About
    • Commitment to Customers
    • Leadership
    • Boards & Commissions
    • Climate Change & Clean Energy
    • NCDIT Strategic Plan
    • Work for NCDIT
    • Annual Report
    • Rules Review
  • News & Events
    News & Events
    • Meetings & Events
    • Press Releases
    • Public Access & Participation Plan
  • Support
    Support
    • NCID
    • Training & User Resources
    • Submit a Service Desk Ticket
    • Report a Cybersecurity Incident
    • Services Status
  • Contact
    Contact
    • Media Inquiries
    • Public Records Requests
    • Speaker Requests
  • PASSWORD HELP
  • SERVICE PORTAL
  • CAREERS
  • NC.GOV
NCDIT »   Resources »   Cybersecurity & Risk Management »   About the ESRMO

About the Enterprise Security & Risk Management Office

Defending North Carolina's IT Assets

In the digital world, we are continuously vulnerable to cybercrime and security threats that harm citizens, institutions, businesses and the economy.

Mission

The state chief information officer is responsible for securing North Carolina’s information assets, including data and the supporting infrastructure.

The N.C. Department of Information Technology’s Enterprise Security and Risk Management Office, or ESRMO, supports the state CIO by providing leadership in the development, delivery and maintenance of a cybersecurity program that safeguards the North Carolina’s information and supporting infrastructure against unauthorized use, disclosure, modification, damage or loss.

This comprehensive statewide cybersecurity program encompasses:

  • Information security implementation
  • Monitoring
  • Threat and vulnerability management
  • Cyber incident management
  • Enterprise business continuity management

ESRMO works with executive branch agencies to help them comply with requirements that include:

  • Legal and regulatory requirements
  • Statewide technical architecture
  • Industry best practices

It also works with state agencies, federal and local governments, citizens and private-sector businesses to help manage risk to support secure and sustainable information technology services to meet the needs of North Carolina’s citizens.

Objectives

Objective Description
Protect the confidentiality, integrity and availability of North Carolina residents’ data.
  • Ensure data is classified and retained, according to state law.
  • Ensure data is encrypted, when appropriate.
  • Ensure data is not compromised.
  • Ensure data is available when required by citizens, agencies or application.
Promote a safe and secure information technology operations environment.
  • Coordinate incident response between interested parties.
  • Manage the statewide program of threat and vulnerability management.
  • Disseminate information about protective measures for security and business continuity threats.
  • Provide training to North Carolina employees in cybersecurity, risk, compliance and business continuity.
  • Help create and sustain information security and risk management awareness programs.
Coordinate information sharing and communication.
  • Work with agencies to disperse information about risks and security incidents.
  • Work with state, local and federal agencies, as required.
  • Advise on risk management and security for statewide information technology projects.
  • Coordinate statewide security and risk management communication.
Identify and provide guidance on business continuity planning.
  • Assist with and consult on business continuity risk management, business continuity, disaster recovery and continuity of operations plans.
  • Facilitate and coordinate audits and assessments of IT infrastructure.
  • Support enterprise business continuity management.
  • Provide reasonable assurance that continuity of operations and continuity of government objectives are being achieved.

 

Cybersecurity & Risk Management

  • Cyber Incident Reporting
  • Statewide Cybersecurity Incident Report Form
  • Cybersecurity Awareness
  • About the ESRMO
  • ESRMO Initiatives
  • Information & Risk Management Services
  • N.C. Information Sharing & Analysis Center
  • Contact

Share this page:

  • Facebook
  • Twitter
  • Email

How can we make this page better for you?

Back to top

Contact

N.C. Department of Information Technology

P.O. Box 17209
Raleigh, NC 27619-7209
919-754-6000
800-722-3946

 

@NCDIT

Tweets by @NCDIT

Quick Links

NCDIT Service Portal
NCDIT Service Desk
NCID Assistance
Training & User Resources
Statewide IT Strategic Plan
Cybersecurity Incident Reporting
NCDIT Communications Hub

Follow Us

  • Facebook
  • Twitter
  • Flickr
  • YouTube
  • LinkedIn
  • Accessibility
  • Terms of Use
  • Privacy Policy
  • Open Budget
https://it.nc.gov/resources/cybersecurity-risk-management/about