The IT Security Office (ISO) provides the following overall services:
Information Security Policy and Program
The ECSU Information Security Program is a combination of policy, standards, ISO 27002 Controls, infrastructure security architecture, and IT services, procedures, and practices. When integrated the overall program describes administrative, operational, and technical security safeguards that are implemented for/in information systems involved in the processing and storage of critical information. Click here for the Security Standards.
Information Security Awareness Training
The IT Security Office (ISO) employs the Knowbe4.com training platform to provide well recognized, interactive information security awareness training. The training is presented in a series of campaigns during the year and is available to all ECSU employees. Additionally, the IT Security Office provides focused topic presentations in-person and on the website.
The IT Security Office (ISO) curates and provides free security awareness training for students from a variety of reliable sources. Training for students is available here.
Community Awareness and Free Resources
The IT Security Office (ISO) provides focused topic presentations in-person and on
the website. We also curate free resources for the University Community.
|Cyber Space and Security||Phishing Explained||Recognize Malware|
|Security Awareness Newsletter|
IT Vulnerability Identification and Reporting
Vulnerability identification is performed regularly on all critical ECSU technical assets. Reports are generated to keep teams and managers aware of existing vulnerabilities in the technical environment. Remediation plans are promulgated to assist managers in tasking and vulnerability prioritization.
IT Risk Assessments
Risk assessments can be performed on critical information technology assets within the IT environment on a request basis. Please contact the ISO to request a risk assessment .
Additionally, the ECSU Internal Audit department, and various NC and US agencies conduct a variety of financial and IT related audits. These groups work independently to provide constructive feedback that includes a comprehensive report of actionable risk mitigation/remediation recommendations.
The IT Security Office can perform information use risk assessments for management and business owners upon request. These reviews are conducted and maintained in a strictly confidential manner.
Identity and Access Management
Identity and access management (IAM) technologies and business processes enable the creation, maintenance, and use of digital identity — ensuring that the right people gain access to the right materials and records at the right time. Identity and Access Management is the shared responsibility of the Data Owner (top management), the Data Steward (supervisors) and the Data Custodian (DIT).
The ISO is the central point for official Division of Information Technology communications. Using the DIT website, in-person presentations, and mail Listserv we communicate IT alerts, announcements, and news to the ECSU Community.
Website Technical Support
The ISO is responsible for website technical support. We provide coding review, website
reporting, and train editors in the use of the content management system, Omni Update.
Please contact the DIT trainer for a session in how to use Omni Update.
Read More at the Website FAQ.