The Information Security Office (ISO) provides the following overall services:
Awareness of Information Security
Employee Awareness Training
The Information Security Office (ISO) employes the Knowbe4.com training platform to provide well recognized, interactive information security awareness training. The training is presented in a series of campaigns during the year and is available to all ECSU employees. Additionally, the Information Security Office provides focused topic presentations in-person and on the website.
Feedback: Employees, please fill-out this form to let us know your thoughts on the training.
Community Awareness and Free Resouces
The Information Security Office (ISO) provides focused topic presentations in-person
and on the website. We also curate free resources for the University Community.
|Cyber Space and Security||Phishing Explained||Recognize Malware|
|Security Awareness Newsletter||Free Virus Protection
for Home Use (PC or Mac)
Identity and Access Management
Identity and access management (IAM) technologies and business processes enable the creation, maintenance, and use of digital identity — ensuring that the right people gain access to the right materials and records at the right time. The ISO monitors the groups with various IAM responsibilities.
Information Security Policy and Program
The ECSU Information Security Program is a combination of policy, standards, ISO 27002 Controls, infrastructure security architecture, and IT services, procedures, and practices. When integrated the overall program describes administrative, operational, and technical security safeguards that are implemented for/in information systems involved in the processing and storage of critical information.
The ISO is the central point for offical Division of Information Technology communications. Using the DIT website, in-person presentations, and mail listsev we communicate IT alerts, announcements, and news to the ECSU Community.
IT Risk Assessments
Risk assessments are performed on critical information technology assets within the
IT environment on a regular basis by the ISO. Additionally, the Internal Audit department,
and the NC Office of the State Auditor conduct a variety of financial and IT related
audits. These groups work independantly to provide constructive feedback that includes
a comprehensive report of actionable risk mitigation/remediation recommendations.
The Information Security Office also performs information use risk assessments for management and business owners upon request, which are conducted and maintained in a strictly confidential manner.
IT Vulnerability Identification and Reporting
Vulnerability Identification is performed regularly on all critical ECSU technical assets. Reports are generated for documentation and team remediation.
Website Technical Support
The ISO is responsible for website technical support. We provide coding review, website
reporting, and train editors in the use of the content mangement system, Omni Update.
Please contact the DIT trainer for a session in how to use Omni Update.
Read More at the Website FAQ.