ESRMO Initiatives An enterprise approach optimizes IT security and risk management activities performed at the statewide level, allowing North Carolina to gain economies of scale and helping to ensure security program consistency. To support agencies’ efforts to improve their information security and risk management posture, the state has created an enterprise IT fund and allocated a portion of those funds to help define and implement the following enterprise security and risk management initiatives coordinated for the state chief information officer by the N.C. Department of Information Technology’s Enterprise Security and Risk Management Office. Statewide Security Policies, Standards & Procedures Framework North Carolina builds and maintains the state policy standards and procedures (PSPs) framework to ensure that all agencies have a common baseline of PSPs within the National Institute of Standards and Technology 800-53 standards framework. Learn More Enterprise Security & Risk Management Training The statewide security and risk management training and awareness program addresses a wide range of needs from general staff awareness to specific training for information security and business continuity management professionals. Learn More Purchase & Deployment of Security and Risk Management Technologies North Carolina benefits from an enterprise approach to the purchase and deployment of security technologies as the state technology infrastructure is upgraded to support information technology consolidation. Learn More Statewide Information Security Threat Management & Incident Response The ESRMO operates a threat management team to raise awareness of cyberthreats and improve cyber incident response. Learn More Enterprise Approach for IT Business Continuity Management State agencies benefit from an enhanced, standardized and centrally managed business continuity management planning tools that support statewide IT infrastructure and services. Learn More
ESRMO Initiatives An enterprise approach optimizes IT security and risk management activities performed at the statewide level, allowing North Carolina to gain economies of scale and helping to ensure security program consistency. To support agencies’ efforts to improve their information security and risk management posture, the state has created an enterprise IT fund and allocated a portion of those funds to help define and implement the following enterprise security and risk management initiatives coordinated for the state chief information officer by the N.C. Department of Information Technology’s Enterprise Security and Risk Management Office. Statewide Security Policies, Standards & Procedures Framework North Carolina builds and maintains the state policy standards and procedures (PSPs) framework to ensure that all agencies have a common baseline of PSPs within the National Institute of Standards and Technology 800-53 standards framework. Learn More Enterprise Security & Risk Management Training The statewide security and risk management training and awareness program addresses a wide range of needs from general staff awareness to specific training for information security and business continuity management professionals. Learn More Purchase & Deployment of Security and Risk Management Technologies North Carolina benefits from an enterprise approach to the purchase and deployment of security technologies as the state technology infrastructure is upgraded to support information technology consolidation. Learn More Statewide Information Security Threat Management & Incident Response The ESRMO operates a threat management team to raise awareness of cyberthreats and improve cyber incident response. Learn More Enterprise Approach for IT Business Continuity Management State agencies benefit from an enhanced, standardized and centrally managed business continuity management planning tools that support statewide IT infrastructure and services. Learn More