Information Security Advisory Group

 Information Security Advisory Description/Charter

Cybersecurity Awareness Team

The Cybersecurity Awareness Team provides logistical coordination and support of the ongoing university cybersecurity program by developing content to support both general cybersecurity awareness and role-based training university-wide. General security awareness training refers to end-user training about common security risks, mitigation steps, and security tools available at NC State. This type of training is usually applicable to all university students, faculty, and staff. Role-based security training targets specific users across the university based on the identified risks and threat landscape to protect the university. This type of training is usually done via collaborative partnership with subject matter experts within the appropriate business units.

  • S&C Contact – Elizabeth Cole-Walker/Damon Armour

Policy and Compliance Working Group

The Compliance and Policy Working Group assesses university compliance with laws and/or federal or state regulations, as well as university policies, regulations and rules (PRRs), processes, procedures and standards pertaining to security and privacy. The working group oversees the drafting and implementation of university security and privacy PRRs. It may also recommend necessary changes to existing security and privacy regulations and rules so they are kept both current and consistent. An example of this would be to evaluate the Computer Use regulation and make recommended changes to address use of personal computers for business purposes.

Security Technology Working Group

The Security Technology Working Group evaluates security technologies to ensure that proposed solutions conform to established security, compliance and privacy standards. In addition, it anticipates security issues that may arise as needs change or as technologies advance. It promotes the university community’s awareness of technical or procedural solutions. It evaluates the current environment for security enhancements.  It serves as a “reality check” for the Policy and Compliance working group on the feasibility of implementing proposed conceptual approaches. An example would be proposing a solution for encrypting mobile devices. Another example would be discussing the number of attacks/vulnerabilities seen across campus and recommending a patch management solution as a mitigation strategy.

Software Working Group

  • Description – includes links to agendas/minutes of meetings (being updated)
  • Document Repository – see above
  • S&C Contact – Bill Coker