An enterprise approach optimizes IT security and risk management activities performed at the statewide level, allowing North Carolina to gain economies of scale and helping to ensure security program consistency.
To support agencies’ efforts to improve their information security and risk management posture, the state has created an enterprise IT fund and allocated a portion of those funds to help define and implement the following enterprise security and risk management initiatives coordinated for the state chief information officer by the N.C. Department of Information Technology’s Enterprise Security and Risk Management Office.
Statewide Security Policies, Standards & Procedures Framework
North Carolina builds and maintains the state policy standards and procedures (PSPs) framework to ensure that all agencies have a common baseline of PSPs within the National Institute of Standards and Technology 800-53 standards framework.
Enterprise Security & Risk Management Training
The statewide security and risk management training and awareness program addresses a wide range of needs from general staff awareness to specific training for information security and business continuity management professionals.
Purchase & Deployment of Security and Risk Management Technologies
North Carolina benefits from an enterprise approach to the purchase and deployment of security technologies as the state technology infrastructure is upgraded to support information technology consolidation.
Statewide Information Security Threat Management & Incident Response
The ESRMO operates a threat management team to raise awareness of cyberthreats and improve cyber incident response.
Enterprise Approach for IT Business Continuity Management
State agencies benefit from an enhanced, standardized and centrally managed business continuity management planning tools that support statewide IT infrastructure and services.