Enterprise Information Security Threat Management and Incident Response

Service Description

Information Security Threat Management and Incident Response services are offered by the Information Security Office to help campus departments to safeguard sensitive data, to meet the requirements of the security standards legislation, N.C.G.S. § 147-33110 through 33.113, and other legal and regulatory requirements. Benefits to the campus are:
  • Integration of the ITS and departmental level cyber security incident plans
  • Access to the North Carolina Information Sharing and Analysis Center (NC-ISAC). NC-ISAC is part of the Multi State Information Sharing and Analysis Center (MS-ISAC), comprised of individual state ISACs and the U.S. Department of Homeland Security, United States Computer Emergency Readiness Team (US-CERT). The centers share and distribute information on cyber security vulnerabilities, threats, warnings, and risk mitigation measures with all participants, making some of the best and most timely cyber security information available to the campus. Using these services allows the campus to be an active participant in the integration of campus, state, and national level security cyber security incident and threat management processes.
  • An informed approach to threat management
  • An increased understanding and awareness of information security vulnerabilities that, in turn, improves the overall security posture of the campus.
Services include:
  • Threat Management
  • Notice provided to appropriate agency staff, security liaisons, and members of the security distribution list concerning new viruses, worms, and other threats to the health of the UNC - Chapel Hill network
  • Notice provided to information security liaisons and members of the security distribution list concerning vulnerabilities in widely deployed operating systems and applications
  • NC-ISAC
  • Coordination of governmental security operations throughout the State and nation
  • Integration with other states and the U.S. Department of Homeland Security as part of the MS-ISAC
  • Cyber incident management and forensic support activities
  • Campuswide cyber security incident response plan
  • Integration of departmental incident plans with the ISO incident plan
  • Security Consulting
  • Assist departments with analysis, resolution, and maintenance of information technology security risks, threats, vulnerabilities, and protection requirements
  • Provide consultation in response to audit and/or security assessment findings
  • Review campus incident management plans
  • Security Training
  • Train and assist the campus with development and maintenance of departmental incident management plans
  • Provide incident management plan response training

Hours of Availability

  • The services described are available from 8:00 a.m. to 6:00 p.m., Monday through Friday, except for holidays
  • On-call staffing is available for emergencies and after hours scheduled work

Customer

UNC-Chapel Hill campus

Customer Responsibilities

  • Follow appropriate incident reporting procedures for cyber incidents
  • Identify critical business systems and applications
  • Implement data classification and handling measures based on legal and regulatory requirements
  • Provide emergency contact information for key agency personnel who may be needed during a cyber security incident
  • Be aware of and comply with the campus security standards, policies, and procedures as well as ITS policies for ITS services such as eMail and network
  • Be available to provide critical information to assist in the resolution of reported incidents
  • Appoint qualified staff to support information security measures
  • Assess and manage agency information security risk
  • Define and implement appropriate departmental security policies, standards and procedures
  • Provide appropriate security training to campus staff
  • Define and implement campus security incident policies, standards and procedures
  • Integrate departmental internal information security incident plans with the ISO security incident plan
  • Provide internal campus security incident response oversight

How Do We Charge

Currently, the Information Security Office (ISO) does not charge for this service. Basic forensic services for campus departments are included at no charge subject to availability. Rates for other forensic services are quoted on request.

How To Request More Information On Or Request The Service

962-HELP