Information Security

 

The IT Security Office (ISO) provides the following overall services:

Information Security Policy and Program

The ECSU Information Security Program is a combination of policy, standards, ISO 27002 Controls, infrastructure security architecture, and IT services, procedures, and practices.  When integrated  the overall program describes administrative, operational, and technical security safeguards that are implemented for/in information systems involved in the processing and storage of critical information. Click here for the Security Standards. 

Information Security Awareness Training

Employee Training

The IT Security Office (ISO) employs the Knowbe4.com training platform to provide well recognized, interactive information security awareness training.  The training is presented in a series of campaigns during the year and is available to all ECSU employees. Additionally, the IT Security Office provides focused topic presentations in-person and on the website.

Employee Information Security Awareness Training Login Here:  https://training.knowbe4.com/login
Training Feedback:  Employees, please fill-out this form to let us know your thoughts on the training.

Student Training

The IT Security Office (ISO) curates and provides free security awareness training for students from a variety of reliable sources. Training for students is available here.

Community Awareness and Free Resources

The IT Security Office (ISO) provides focused topic presentations in-person and on the website. We also curate free resources for the University Community.

Cyber Space and Security Phishing Explained Recognize Malware
Security Awareness Newsletter Free Virus Protection
for Home Use (PC or Mac)

Free Malware Removal Tools
for Home Use:
Microsoft Tool
Sophos Tool

 

IT Vulnerability Identification and Reporting

Vulnerability identification is performed regularly on all critical ECSU technical assets.  Reports are generated to keep teams and managers aware of existing vulnerabilities in the technical environment. Remediation plans are promulgated to assist managers in tasking and vulnerability prioritization.

IT Risk Assessments

Risk assessments can be performed on critical information technology assets within the IT environment on a request basis. Please contact the ISO to request a risk assessment .

Additionally, the ECSU Internal Audit department, and various NC and US agencies conduct a variety of financial and IT related audits. These groups work independently to provide constructive feedback that includes a comprehensive report of actionable risk mitigation/remediation recommendations.

The IT Security Office can perform information use risk assessments for management and business owners upon request. These reviews are conducted and maintained in a strictly confidential manner. 

Identity and Access Management

Identity and access management (IAM) technologies and business processes enable the creation, maintenance, and use of digital identity — ensuring that the right people gain access to the right materials and records at the right time.  Identity and Access Management is the shared responsibility of the Data Owner (top management), the Data Steward (supervisors) and the Data Custodian (DIT).

IT Communications

The ISO is the central point for official Division of Information Technology communications. Using the DIT website, in-person presentations, and mail listsev we communicate IT alerts, announcements, and  news to the ECSU Community.

Website Technical Support

 The ISO is responsible for  website technical support. We provide coding review, website reporting, and train editors in the use of the content management system, Omni Update. Please contact the DIT trainer for a session in how to use Omni Update.
Read More at the Website FAQ.