
Information Security Consulting & Support

Service Description

The Enterprise Security and Risk Management Office offers information security consulting and support services to help state agencies safeguard citizens' data and meet the requirements of the security standards legislation (N.C.G.S. 143B-1376-1378) and other legal and regulatory requirements.

Services Provided

Service Details
Security consulting
  • Provide supporting analysis to help agencies resolve information technology risks, threats and vulnerabilities and to implement adequate risk mitigation measures
  • Provide consultation to help agencies respond to audit and/or security assessment findings
Security manual development and ongoing review of statewide policies, standards and procedures
  • Provide security framework and manual
  • Assist agency with understanding and interpreting statewide security policies and standards and legal and regulatory requirements
Security training and awareness activities and materials
  • Provide security training and awareness events for state agencies
  • Coordinate purchase and distribution of security training and awareness materials for use in state agencies
Coordination of required agency security liaison support role
  • Coordinate background checks for agency security liaisons
  • Maintain agency security contact information
  • Notify agency security contacts of statewide and agency security matters
Review of statewide and agency projects/initiatives for adequate information security risk mitigation provisions
  • Coordinate background checks for agency security liaisons
  • Maintain agency security contact information
  • Notify agency security contacts of statewide and agency security matters
Enterprise purchasing contracts for security-related components
  • Research and evaluate security technologies to identify strategic enterprise approaches for the deployment of security technologies that permit the state to benefit from standardization and economies of scale
  • Strategic planning for statewide security needs

Benefits

  • Use of a standards-based approach to security and risk management
  • Increased understanding and awareness of information security matters that will improve an agency's security posture
  • Active participation in the integration of agency-level and state-level security processes

Hours of Availability

  • The services are available from 7 a.m. to 6 p.m., Monday through Friday, except for holidays.
  • On-call staffing is available for emergencies and after-hours scheduled work.
  • In the event the agency seeks vulnerability or port scanning, the scanning activity will be conducted within the customer's maintenance window unless other arrangements are made.
  • Emergency maintenance windows will be handled using the urgent change process.

Customer Responsibilities

Business Continuity and Disaster Recovery Plans

  • Identify critical agency business systems and applications.

  • Implement agency data classification, retention and handling measures based on legal and regulatory requirements as required by statute.

  • Follow appropriate incident reporting procedures, including cybersecurity incident reporting, as required by statute.

  • Follow standard processes and procedures for cybersecurity incident reporting.

  • Request and schedule special services (e.g., installation of new equipment, after-hours support) well in advance of required date.

  • Be aware of and comply with the security standards, policies and procedures established by the state chief information officer, as well as N.C. Department of Information Technology policies for NC DIT-provided services, such as email and network.

  • Be available to provide critical information to assist in the resolution of cyber incidents.

  • Provide agency staff to support, advise and assist with agency information security matters.

  • Assess, manage and mitigate agency information security risk.

  • Define and implement appropriate agency internal security policies, standards and procedures.

  • Provide security training to agency staff.

  • Define and implement agency internal information security incident plans and procedures and integrate with the statewide cybersecurity incident plan.

  • Provide internal agency security incident response oversight.

  • Develop and follow agency-level project plans to implement agency-level security.

How Do We Charge?

The Enterprise Security and Risk Management Office does not currently charge for this service.

Request Any Service

Contact the NC DIT Service Desk:
Phone: 919-754-6000 or 1-800-722-3946
Or file a service ticket in the NCDIT Service Portal.

https://it.nc.gov/resources/cybersecurity-risk-management/services/consulting-support