Information Security, Risk & Assurance (ISRA)

The Information Security, Risk & Assurance (ISRA) team offers the following types of assistance to all IT organizations throughout the NC State campus:

  • Strategic planning for ensuring reliable IT security and program compliance
  • Assist campus community with internal security audits and assurance
  • Litigation holds and eDiscovery
  • Security-compliance support
    • Endpoint Protection Standard (EPS)
    • Data Sensitivity Framework (DSF)
    • As new security controls transpire, those controls become services we offer (planning and development thereof)

Our Responsibilities

The ISRA team is responsible primarily for risk management, program-compliance development, and solutions architecture specific to the following compliance programs and types of data:

  • Controlled Unclassified Information (CUI)
  • Digital Millennium Copyright Act (DMCA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Gramm-Leach Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Organization for Standardization (ISO) 27001 and 27002
  • National Institute of Standards and Technology (NIST) 800-series
  • Payment Card Industry Data Security Standard (PCI DSS)

How We Help the Campus Community

  • Security awareness and training
  • Development and implementation of information security Policies, Regulations and Rules (PRRs)
  • Supporting trustees, data stewards and data custodians in administering the Data Management Framework, which involves data classification — for example, ultra-sensitive, highly sensitive, and sensitive data
  • Facilitating and continuously improving governance (meeting the university’s information security requirements)

Need Assistance?

If you have any questions related to cybersecurity, visit the NC State IT Service Portal.

Director of ISRA

Damon Armour
Director, Information Security Risk & Assurance (ISRA)

Related Links