[Mission & Objectives]
[Strategic Plan For Information Security]
Information Security Services
[Statewide Policies and Guidelines]
[Security Standards Deviation Reporting]
[Statewide Security Initiatives]
[Antivirus Tools and Updates]
[Information Security Portal]
[Security Documentation]
[2004 Security Assessment]
[Emergency Alerts]
[Incident Management]
[Information Security Incident Reporting]
[NC-ISAC]
Risk Management Services
[Continuity of Operations and IT Business Continuity]
[Internal Audit Charter]
[Risk Management Services ]
[Business Continuity Software Updates and Training]
[State Chief Information Officer]
[Office of Information Technology Services]
The North Carolina
Information Sharing and Analysis Center (NC-ISAC) CharterThe mission of the NC-ISAC, consistent with the objectives of the National Strategy to Secure Cyberspace, is to provide a common mechanism for raising the level of cyber security readiness and response in state and local governments. The NC-ISAC provides a central resource for gathering information on cyber threats to critical infrastructure from state agencies and providing two-way sharing of information between and among the state agencies and with local government where permissible.
Major Objectives of the NC-ISAC
- Disseminate early warnings of cyber system threats
- Share security incident information
- Provide trending and other analysis for security planning
- Distribute current proven security practices and suggestions
- Promote awareness of the interdependencies between cyber and physical critical infrastructure, as well as between and among the different sectors
Structure
The NC-ISAC is operated by the State of North Carolina Office of Information Technology Services (ITS), Enterprise Security and Risk Management Office (ESRMO) Information Protection team at the direction of the State Chief Information Officer (State CIO) and State Chief Information Security Officer. The Information Protection team is strategically aligned to facilitate NC-ISAC coordination as the primary abuse complaint receiver and single point of contact with law enforcement on all ITS operated and assigned network IP addresses. The NC-ISAC Information Protection team is also responsible for cyber security incident response within the executive branch of state government as well as the timely dissemination of cyber security threats and warnings.
NC-ISAC Services
- Distribute cyber security advisories and bulletins
- Cyber incident response & assistance to NC-ISAC Members
- Operate NC-ISAC secure website
- Participate in cyber exercises, like the national Live Wire and Cyber Storm exercises
- Adhere to cyber incident reporting statutes
- Support and promotion of National Cyber Security Awareness Month
- Access to the NC-ISAC Contacts Database through the US-CERT web portal
- Distribution of tools, software, and brochures provided by the MS-ISAC
- Represent all NC-ISAC members at the yearly meeting of the MS-ISAC
- Collaboration with third parties when necessary on behalf of the NC-ISAC
NC-ISAC Cyber Analysis Center
The NC-ISAC Cyber Analysis Center receives, vets, and correlates information on vulnerability, threat and other significant cyber-related events. Relevant and significant information is then redistributed to the entire membership. Before redistribution, information is analyzed to incorporate a “value add” – in other words incorporation of additional information regarding mitigation strategies or interim steps that can be taken to protect the infrastructure. These advisories are then distributed to the Members.
NC-ISAC Common Cyber Alert Level Procedures
The NC-ISAC has adopted a common Cyber Alert Indicator Protocol to ensure consistency in cyber alert levels across members. This protocol provides an indication that a member who has posted their cyber alert level at “Guarded” has met certain criteria that meets this cyber alert level. (Link: http://www.cscic.state.ny.us/alertlevel/)
NC-ISAC Cyber Security Incident Reporting Procedures
By General Statute state executive branch agencies are required to report cyber security incidents to the State Chief Information Officer. Information from these reports is used to provide trending on cyber security threats as well as determine the need to notify NC-ISAC members of possible large scale malware outbreaks or cyber attacks. Monthly reports listing all reported cyber security incidents are provided to the Office of State Auditor and Department of Justice in compliance with a “Memorandum of Understanding” (MOU) between the State CIO, State Auditor and Attorney General.
Non-executive branch members of the NC-ISAC may voluntarily report cyber security incidents if they feel the information will be a benefit to all members for trending purposes or if the member needs assistance from the NC-ISAC to facilitate passing the information to the Multi-State ISAC for complete analysis. Any information received through voluntary or mandatory reporting will be redacted to eliminate the possibility of identifying the submitter if the information is deemed valuable from awareness standpoint and redistributed to all NC-ISAC members.
Reporting of cyber security incidents may be completed by:
- Using a secure web based incident reporting form at https://incident.its.state.nc.us/
- Contacting a member of the Information Protection team directly
- Tim Brown 919-871-6499
- Andre Henry 919-981-5151
- Michael McCray 919-981-4473
- Group E-Mail (security@its.nc.gov)
- Contacting the ITS Service Desk (For Immediate Assistance)
- Its.incidents@its.nc.gov
- 800-722-3946
- 919-754-6000