[Mission & Objectives]
[Strategic Plan For Information Security]
Information Security Services
[Statewide Policies and Guidelines]
[Security Standards Deviation Reporting]
[Statewide Security Initiatives]
[Antivirus Tools and Updates]
[Information Security Portal]
[Security Documentation]
[2004 Security Assessment]
[Emergency Alerts]
[Incident Management]
[Information Security Incident Reporting]
[NC-ISAC]
Risk Management Services
[Continuity of Operations and IT Business Continuity]
[Internal Audit Charter]
[Risk Management Services ]
[Business Continuity Software Updates and Training]
[State Chief Information Officer]
[Office of Information Technology Services]
The agency security assessment conducted in 2004 recommended a statewide approach to information security. An enterprise approach optimizes information technology (IT) security and risk management activities performed at the statewide level allowing the State to gain economies of scale and helping to ensure security program consistency.
In order to support agencies efforts to improve their information security and risk management posture, the State has created an enterprise IT fund and allocated a portion of those funds to the following enterprise security and risk management initiatives coordinated by the Enterprise Security and Risk Management Office (ESRMO).
- Statewide Security Policies, Standards and Procedures Framework
- Enterprise Security Awareness and Training Program
- Enterprise Approach to the Purchase and Deployment of Security Technologies
- Statewide Information Security Threat Management and Incident Response
- Enterprise Approach to Risk Management and IT Business Continuity Planning