Information Security Risk & Assurance (ISRA)

The Information Security Risk & Assurance (ISRA) team offers the following types of assistance to all IT organizations throughout the NC State campus:

  • Strategic planning for ensuring reliable IT security and program compliance
  • Assistance to the campus community with internal security audits and assurance
  • Litigation holds and eDiscovery
  • Security-compliance support
    • Endpoint Protection Standard (EPS)
    • Data Sensitivity Framework
    • Planning and development of new security controls, which become services we offer as they emerge

Our Responsibilities

The ISRA team is responsible primarily for risk management, program-compliance development, and solutions architecture specific to the following compliance programs and types of data:

  • Controlled Unclassified Information (CUI)
  • Digital Millennium Copyright Act (DMCA)
  • Family Educational Rights and Privacy Act (FERPA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • International Organization for Standardization (ISO) 27001 and 27002
  • National Institute of Standards and Technology (NIST) 800-series
  • Payment Card Industry Data Security Standard (PCI DSS)

How We Help the Campus Community

  • Security awareness and training
  • Development and implementation of information security Policies, Regulations, and Rules (PRRs)
  • We help Trustees, Data Stewards and Data Custodians administer the Data Sensitivity Framework (data classification — ultra-sensitive, highly sensitive, and sensitive data)
  • Help facilitate and continuously improve governance (meeting the university’s information security requirements)
