LegalFix

75-7239 Kansas information security office; establishment and administration; separate state agency; powers and duties.

KS Stat § 75-7239 (2018) (N/A)

75-7239. Kansas information security office; establishment and administration; separate state agency; powers and duties. (a) There is hereby established within and as a part of the office of information technology services the Kansas information security office. The Kansas information security office shall be administered by the CISO and be staffed appropriately to effect the provisions of the Kansas cybersecurity act.

(b) For the purpose of preparing the governor's budget report and related legislative measures submitted to the legislature, the Kansas information security office, established in this section, shall be considered a separate state agency and shall be titled for such purpose as the "Kansas information security office." The budget estimates and requests of such office shall be presented as from a state agency separate from the department of administration, and such separation shall be maintained in the budget documents and reports prepared by the director of the budget and the governor, or either of them, including all related legislative reports and measures submitted to the legislature.

(c) Under direction of the CISO, the KISO shall:

(1) Administer the Kansas cybersecurity act;

(2) assist the executive branch in developing, implementing and monitoring strategic and comprehensive information security risk-management programs;

(3) facilitate executive branch information security governance, including the consistent application of information security programs, plans and procedures;

(4) using standards adopted by the information technology executive council, create and manage a unified and flexible control framework to integrate and normalize requirements resulting from applicable state and federal laws, and rules and regulations;

(5) facilitate a metrics, logging and reporting framework to measure the efficiency and effectiveness of state information security programs;

(6) provide the executive branch strategic risk guidance for information technology projects, including the evaluation and recommendation of technical controls;

(7) assist in the development of executive branch agency cybersecurity programs that are in compliance with applicable state and federal laws and rules and regulations and standards adopted by the information technology executive council;

(8) coordinate the use of external resources involved in information security programs, including, but not limited to, interviewing and negotiating contracts and fees;

(9) liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure a strong security posture;

(10) assist in the development of plans and procedures to manage and recover business-critical services in the event of a cyberattack or other disaster;

(11) assist executive branch agencies to create a framework for roles and responsibilities relating to information ownership, classification, accountability and protection;

(12) ensure a cybersecurity training program is provided to executive branch agencies at no cost to the agencies;

(13) provide cybersecurity threat briefings to the information technology executive council;

(14) provide an annual status report of executive branch cybersecurity programs of executive branch agencies to the joint committee on information technology and the house committee on government, technology and security; and

(15) perform such other functions and duties as provided by law and as directed by the CISO.

History: L. 2018, ch. 97, § 4; July 1.
