Information Security


The Information Security Office (ISO) provides the following overall services:

Awareness of Information Security 

Employee Awareness Training

The Information Security Office (ISO) employes the training platform to provide well recognized, interactive information security awareness training.  The training is presented in a series of campaigns during the year and is available to all ECSU employees. Additionally, the Information Security Office provides focused topic presentations in-person and on the website.

Knowbe4 Security Awareness Training
Feedback:  Employees, please fill-out this form to let us know your thoughts on the training.

Community Awareness and Free Resouces

The Information Security Office (ISO) provides focused topic presentations in-person and on the website. We also curate free resources for the University Community.

Cyber Space and Security Phishing Explained Recognize Malware
Security Awareness Newsletter Free Virus Protection
for Home Use (PC or Mac)

Free Malware Removal Tools
for Home Use:
Microsoft Tool
Sophos Tool


Identity and Access Management

Identity and access management (IAM) technologies and business processes enable the creation, maintenance, and use of digital identity — ensuring that the right people gain access to the right materials and records at the right time.  The ISO monitors the groups with various IAM responsibilities. 

Information Security Policy and Program

The ECSU Information Security Program is a combination of policy, standards, ISO 27002 Controls, infrastructure security architecture, and IT services, procedures, and practices.  When integrated  the overall program describes administrative, operational, and technical security safeguards that are implemented for/in information systems involved in the processing and storage of critical information.

IT Communications

The ISO is the central point for offical Division of Information Technology communications. Using the DIT website, in-person presentations, and mail listsev we communicate IT alerts, announcements, and  news to the ECSU Community.

IT Risk Assessments

Risk assessments are performed on critical information technology assets within the IT environment on a regular basis by the ISO. Additionally, the Internal Audit department, and the NC Office of the State Auditor conduct a variety of financial and IT related audits. These groups work independantly to provide constructive feedback that includes a comprehensive report of actionable risk mitigation/remediation recommendations.
The Information Security Office also performs information use risk assessments for management and business owners upon request, which are conducted and maintained in a strictly confidential manner. 

IT Vulnerability Identification and Reporting

Vulnerability Identification is performed regularly on all critical ECSU technical assets.  Reports are generated for documentation and team remediation.

Website Technical Support

 The ISO is responsible for  website technical support. We provide coding review, website reporting, and train editors in the use of the content mangement system, Omni Update. Please contact the DIT trainer for a session in how to use Omni Update.
Read More at the Website FAQ.