Enterprise Information Security Threat Management and Incident Response
Information Security Threat Management and Incident Response services are offered by the Enterprise Security and Risk Management Office to help State agencies safeguard citizens’ data, to meet the requirements of the security standards legislation, N.C.G.S. § 147-33.110 through 33.113, and other legal and regulatory requirements.
- Threat Management
- Notice provided to appropriate agency staff, security liaisons, and members of the security distribution list concerning new viruses, worms, and other threats to the health of the State's network
- Notice provided to agency security liaisons and members of the security distribution list concerning vulnerabilities in widely deployed operating systems and applications
- Coordination of governmental security operations throughout the State and nation
- Integration with other states and the U.S. Department of Homeland Security as part of the MS-ISAC
- Cyber incident management and forensic support activities
- Statewide cybersecurity incident response plan
- Integration of agency incident plans with the statewide incident plan
- Confidential communications through the ESRMO Security Portal
- Security Consulting
- Assist agencies with analysis, resolution, and maintenance of information technology security risks, threats, vulnerabilities, and protection requirements
- Provide consultation in response to audit and/or security assessment findings
- Review agency incident management plans
- Security Training
- Train and assist agency with development and maintenance of agency incident management plans
- Provide incident management plan response training
- Integration of the statewide and agency level cybersecurity incident plans
- Access to the North Carolina Information Sharing and Analysis Center (NC-ISAC). The NC-ISAC is operated by the Enterprise Security and Risk Management Office (ESRMO) Information Protection Team. NC-ISAC is part of the Multi State Information Sharing and Analysis Center (MS-ISAC), comprised of individual state ISACs and the U.S. Department of Homeland Security, United States Computer Emergency Readiness Team (US-CERT). The centers share and distribute information on cybersecurity vulnerabilities, threats, warnings, and risk mitigation measures with all participants, making some of the best and most timely cybersecurity information available to the agency. Using these services allows an agency to be an active participant in the integration of agency, state, and national level security cybersecurity incident and threat management processes.
- An informed approach to threat management
- An increased understanding and awareness of information security vulnerabilities that, in turn, improves an agency's overall security posture
Hours of Availability
- The services described are available from 7:00 a.m. to 6:00 p.m., Monday through Friday, except for holidays.
- On-call staffing is available for emergencies and after hours scheduled work.
- Follow appropriate incident reporting procedures for cyber incidents.
- Identify critical business systems and applications.
- Implement agency data classification and handling measures based on legal and regulatory requirements.
- Provide emergency contact information for key agency personnel who may be needed during a cybersecurity incident.
- Be aware of and comply with the State CIO security standards, policies, and procedures as well as DIT policies for DIT services such as email and network.
- Be available to provide critical information to assist in the resolution of reported incidents.
- Appoint qualified staff to support information security measures.
- Assess and manage agency information security risk.
- Define and implement appropriate agency internal security policies, standards and procedures.
- Provide appropriate security training to agency staff.
- Define and implement agency internal security incident policies, standards and procedures.
- Integrate agency internal information security incident plans with the statewide security incident plan.
- Provide internal agency security incident response oversight.
- Develop and follow agency project plans to implement security in the agency.
How Do We Charge?
Currently, the Enterprise Security and Risk Management Office (ESRMO) does not charge for this service.
Basic forensic services for executive branch agencies are included at no charge. Rates for other forensic services are quoted on request.
Request Any Service
Contact Our Service Desk:
Phone: 919-754-6000 or 1-800-722-3946