Information Security (IS) is a blending of essential leadership in the development, delivery and ongoing maintenance of security programs that ensure the confidentiality, integrity and availability of ITS’s assets, intellectual property and the proprietary data of its customers against unauthorized use, disclosure, modification, damage or loss.
Functional duties of IS are mandates, not an optional choice. General statues such as NCGS114-15.1 and NCGS147-33.82, federal governances such as HIPAA and IRS1075, and industry governances such as PCI DSS all require an ongoing program of risk mitigation. In addition to Risk and Vulnerability Management, the Information Security team also provides critical leadership in areas such as access control, audits, cyber incidents, provisioning, service and system integrity and policy maintenance.
Continuity Management is responsible for providing leadership for a comprehensive program that includes business impact analysis, risk assessment, and operations recovery planning. The Business Continuity plan for ITS contains information, tasks, and procedures that would be necessary to facilitate ITS management’s decision-making process in a situation that could potentially disrupt ITS service delivery.