Skip to main content
NCDIT logo NCDIT

Topical Navigation

  • Home
  • Services
  • Programs
    Programs
    • Broadband & Digital Equity
    • CJLEADS
    • Enterprise Strategy
    • FirstTech
    • IT Volume Purchasing
    • N.C. 911 Board
    • N.C. Health Information Exchange Authority
    • NC360
    • Optimization
    • Project Portfolio Management
  • Resources
    Resources
    • COVID-19 Resources
    • Cybersecurity & Risk Management
    • Data Protection & Privacy
    • Statewide IT Strategic Plan
    • Statewide IT Procurement
    • State IT Policies
    • IT Application Portfolio Management
    • Standards
    • Resources Guide
    • Knowledge College
    • Documents
    • Reports
  • About
    About
    • Commitment to Customers
    • Leadership
    • Boards & Commissions
    • Climate Change & Clean Energy
    • NCDIT Strategic Plan
    • Work for NCDIT
    • Annual Report
    • Rules Review
  • News & Events
    News & Events
    • Events
    • Press Releases
  • Support
    Support
    • NCID
    • Training & User Resources
    • Submit a Service Desk Ticket
    • Report a Cybersecurity Incident
    • Services Status
  • Contact
    Contact
    • Media Inquiries
    • Public Records Requests
    • Speaker Requests
  • PASSWORD HELP
  • SERVICE PORTAL
  • CAREERS
  • NC.GOV
NCDIT »   Resources »   Cybersecurity & Risk Management »   Information & Risk Management Services »   Information Security Threat Management & Incident Response

Information Security Threat Management & Incident Response

Service Description

The Enterprise Security and Risk Management Office offers information security threat management and incident response services to help state agencies safeguard the public’s data, to meet the requirements of the security standards legislation and other legal and regulatory requirements.

Services Provided

Service Details
Threat management
  • Notice provided to appropriate agency staff, security liaisons and members of the security distribution list concerning new viruses, worms and other threats to the health of the state's network
  • Notice provided to agency security liaisons and members of the security distribution list concerning vulnerabilities in widely deployed operating systems and applications
Security consulting
  • Assist agencies with analysis, resolution and maintenance of information technology security risks, threats, vulnerabilities and protection requirements • Provide consultation in response to audit and/or security assessment findings
  • Review agency incident management plans
Security training
  • Train and assist agency with development and maintenance of agency incident management plans
  • Provide incident management plan response training

Benefits

  • Integration of the statewide and agency level cybersecurity incident plans

  • An informed approach to threat management

  • An increased understanding and awareness of information security vulnerabilities that, in turn, improves an agency's overall security posture

Hours of Availability

  • The services described are available from 7 a.m. to 6 p.m., Monday through Friday, except for holidays.

  • On-call staffing is available for emergencies and after-hours scheduled work.

Customer Responsibilities

  • Follow appropriate incident reporting procedures for cyber incidents.

  • Identify critical business systems and applications.

  • Implement agency data classification and handling measures based on legal and regulatory requirements.

  • Provide emergency contact information for key agency personnel who may be needed during a cybersecurity incident.

  • Be aware of and comply with the state CIO security standards, policies and procedures as well as NC DIT policies for NC DIT services such as email and network.

  • Be available to provide critical information to assist in the resolution of reported incidents.

  • Appoint qualified staff to support information security measures.

  • Assess and manage agency information security risk.

  • Define and implement appropriate agency internal security policies, standards and procedures.

  • Provide appropriate security training to agency staff.

  • Define and implement agency internal security incident policies, standards and procedures.

  • Integrate agency internal information security incident plans with the statewide security incident plan.

  • Provide internal agency security incident response oversight.

  • Develop and follow agency project plans to implement security in the agency.

How Do We Charge?

The Enterprise Security and Risk Management Office does not currently charge for this service. Basic forensic services for executive branch agencies are included at no charge. Rates for other forensic services are quoted on request.

Request Any Service

Contact the NC DIT Service Desk:
Phone: 919-754-6000 or 1-800-722-3946
NCDIT Service Portal

Information & Risk Management Services

  • Business Continuity Management Services
  • Information Security Consulting & Support
  • Information Security Services
  • Information Security Threat Management & Incident Response

Share this page:

  • Facebook
  • Twitter
  • Email

How can we make this page better for you?

Back to top

Contact

N.C. Department of Information Technology

P.O. Box 17209
Raleigh, NC 27619-7209
919-754-6000
800-722-3946

 

@NCDIT

Tweets by @NCDIT

Quick Links

NCDIT Service Portal
NCDIT Service Desk
NCID Assistance
Training & User Resources
Statewide IT Strategic Plan
Cybersecurity Incident Reporting
NCDIT Communications Hub

Follow Us

  • Facebook
  • Twitter
  • Flickr
  • YouTube
  • LinkedIn
  • Accessibility
  • Terms of Use
  • Privacy Policy
  • Open Budget
https://it.nc.gov/resources/cybersecurity-risk-management/services/threat-management-response