The Information Security Risk & Assurance (ISRA) team offers the following types of assistance to all IT organizations throughout the NC State campus:
- Strategic planning for ensuring reliable IT security and program compliance
- Assistance to the campus community with internal security audits and assurance
- Litigation Holds and eDiscovery
- Security-compliance support
- Endpoint Protection Standard (EPS)
- Data Sensitivity Framework (DSF)
- As new security controls emerge, planning and development of those controls become services we offer
Our Responsibilities
The ISRA team is responsible primarily for risk management, program-compliance development, and solutions architecture specific to the following compliance programs and types of data:
- Controlled Unclassified Information (CUI)
- Digital Millennium Copyright Act (DMCA)
- Family Educational Rights and Privacy Act (FERPA)
- Gramm-Leach-Bliley Act (GLBA)
- Health Insurance Portability and Accountability Act (HIPAA)
- International Organization for Standardization (ISO) 27001 and 27002
- National Institute of Standards and Technology (NIST) 800-series
- Payment Card Industry Data Security Standard (PCI DSS)
How We Help the Campus Community
- Security awareness and training
- Development and implementation of information security Policies, Regulations, and Rules (PRRs)
- We help Trustees, Data Stewards and Data Custodians administer the Data Sensitivity Framework (data classification: ultra-sensitive, highly sensitive, and sensitive data)
- Help facilitate and continuously improve governance (meeting the university’s information security requirements)
Need Assistance?
Send email to the ISRA team or see the ISRA Staff page for a specific area of expertise.