• State CIO
• Enterprise Architecture
• GIS
• NC 911
• Procurement
• Project Oversight
• Security

Information Security Services

• Threat Management and Incident Response
• Security Consulting
• Statewide Policies and Guidelines
• Information Security Portal
• Cyber Security Awareness
  

Security Standards Deviation Reporting

• Statewide Security Standards Deviation Reporting Process and Procedures (August 21, 2012)
• Statewide Security Standards Deviation Reporting Process Memo (August 3, 2010)
• Statewide Security Standards Deviation Report Form

Incident Management

North Carolina government agencies handle security breaches and other incidents involving information technology under the terms and conditions of the Memorandum of Understanding for Information Security Threat Responsibilities.

Organizations that provide information on the development and operation of incident management plans are listed below.

• National Institute of Standards and Technology (NIST)
• Forum of Incident Response and Security Teams (FIRST)
• SANS Information Reading Room
• Handbook for Computer Security Incident Response Teams (CSIRTs)
• Subscribe to ESRMO Security and Vulnerability Alerts Mailing List
• Infragard

Information Security Incident Reporting

• N.C.G.S. § 147-33.113 State Agency Cooperation
• Statewide Information Security Reporting Memo
• Statewide Information Security Reporting Form

2004 Security Assessment Report

• State CIO George Bakolia's Letter
• Summary Score
• Summary Report - Assessment of Agency Compliance with Enterprise Security Standards
• Assessment of Agency Compliance Presentation

Emergency Alerts

The following links provide a clearinghouse of information on new and existing vulnerabilities

• United States Computer Emergency Readiness Team
• SANS Internet Storm Center
• Multi-State Information Sharing and Analysis Center
• CERT Coordination Center Advisories
• Department of Energy Cyber Incident Response Capability
• Deepsight™ Threat Management System

Antivirus Tools and Updates

The latest vendor patches, virus alerts, updates, and hoax information.

• Trend
• Symantec
• McAfee
• Hoax Verification
• Microsoft

Security Documentation

• Online Security Documentation
  • Common Criteria
  • IBM Redbooks
  • Linux Security
  • Microsoft
  • Novell
  • NSI
  • NIST Publications
  • Security Handbook
  • Unix Security
• Listservs
  • Security Listserv Archives
• Organizations
  • Computer Security Institute (CSI)
  • International Information Systems Security Certification Consortium (ISC)2
  • Information Systems Security Association (ISSA)
  • Information Systems Audit and Control Association (ISACA)
  • National Institute of Standards and Technology (NIST)
  • National Security Agency (NSA)
  • Security Awareness Incorporated
  • SANS Institute
  • University of North Carolina at Charlotte
  • US-CERT
• Cyber Crime
  • United States Department of Justice
  • Infragard
  • FBI - Internet Fraud Complaint Center