41-3507. Statewide information security and privacy office; duties;
suspension of budget unit's information infrastructure
A. The statewide information security and privacy office is
established in the government information technology agency. The statewide
information security and privacy office shall serve as the strategic
planning, facilitation and coordination office for information technology
security in this state. Individual budget units shall continue to maintain
operational responsibility for information technology security.
B. The director shall appoint a statewide chief information
security officer to manage the statewide information security and privacy
office. The statewide chief information security officer shall report to the
director pursuant to section 41-3503.
C. The statewide information security and privacy office
shall develop, implement, maintain and ensure compliance by each budget unit
with a coordinated statewide assurance plan for information security and
privacy. The statewide information security and privacy office shall:
1. Direct information security and privacy protection
compliance reviews with each budget unit to ensure compliance with standards
and effectiveness of security assurance plans as necessary.
2. Identify information security and privacy protection
risks in each budget unit and direct agencies to adopt risk mitigation
strategies, methods and procedures to lessen these risks.
3. Monitor and report compliance of each budget unit with
state information security and privacy protection policies, standards and
procedures.
4. Coordinate statewide information security and privacy
protection awareness and training programs.
5. Develop other strategies as necessary to protect this
state's information technology infrastructure and the data that is stored on
or transmitted by such infrastructure.
D. The statewide information security and privacy office may
temporarily suspend operation of information infrastructure that is owned,
leased, outsourced or shared in order to isolate the source of, or stop the
spread of, an information security breach or other similar incident. A
budget unit shall comply with directives to temporarily discontinue or
suspend operations of information infrastructure.
E. Each budget unit and its contractors shall identify and
report security incidents to the statewide information security and privacy
office immediately on discovery and deploy mitigation strategies as
directed.