 |
 |
 |
 |
 |
 |
||||
 |
 |
|||||
 |
 |
 |
||||
 |
 |
|||||
 |
 |
|||||
 |
||||||
 |
 |
|||||
 |
|
|
|
|
|
|
| Mission |
The Information Security Office (ISO) provides leadership in the development, delivery and maintenance of an information security program that safeguards the state’s information assets and the supporting infrastructure against unauthorized use, disclosure, modification, damage or loss. The ISO supports a comprehensive statewide program that encompasses information security implementation, monitoring, threat and vulnerability management, and incident management. The ISO works with executive branch agencies to help them comply with security statues, the statewide technical security architecture, security policies, industry best practices, and other regulatory requirements. Working with state agencies, federal and local governments, citizens and private sector businesses, ISO helps to manage risk to support secure and sustainable information technology services to meet the needs of our citizens.
| Objectives |
- Data is classified according to state law.
- Data is encrypted when appropriate.
- Insure data is not compromised.
- Data is available when required by citizens, agencies, or application.
- Coordinate incident response between the interested parties.
- Statewide program for vulnerability management.
- Disseminate information about protective measures to take against existing and upcoming security threats.
- Provide training of North Carolina technology employees in the area of information security.
- Help to create and sustain information security awareness programs.
- Work with agencies to disperse information concerning security incidents
- Work with State and Federal law enforcement as required
- Provide input on security for statewide information technology projects
- Coordinate statewide security communication