(1) There is created the Data Security Management Council composed of nine members as follows: (a) the chief information officer appointed under Section 63F-1-201, or the chief information officer's designee; (b) one individual appointed by the governor; (c) one individual appointed by the speaker of the House of Representatives and the president of the Senate from the Legislative Information Technology Steering Committee; and (d) the highest ranking information technology official, or the highest ranking information technology official's designee, from each of: (i) the Judicial Council; (ii) the State Board of Regents; (iii) the State Board of Education; (iv) the Utah System of Technical Colleges Board of Trustees; (v) the State Tax Commission; and (vi) the Office of the Attorney General.
(a) the chief information officer appointed under Section 63F-1-201, or the chief information officer's designee;
(b) one individual appointed by the governor;
(c) one individual appointed by the speaker of the House of Representatives and the president of the Senate from the Legislative Information Technology Steering Committee; and
(d) the highest ranking information technology official, or the highest ranking information technology official's designee, from each of: (i) the Judicial Council; (ii) the State Board of Regents; (iii) the State Board of Education; (iv) the Utah System of Technical Colleges Board of Trustees; (v) the State Tax Commission; and (vi) the Office of the Attorney General.
(i) the Judicial Council;
(ii) the State Board of Regents;
(iii) the State Board of Education;
(iv) the Utah System of Technical Colleges Board of Trustees;
(v) the State Tax Commission; and
(vi) the Office of the Attorney General.
(2) The council shall elect a chair of the council by majority vote.
(3) (a) A majority of the members of the council constitutes a quorum. (b) Action by a majority of a quorum of the council constitutes an action of the council.
(a) A majority of the members of the council constitutes a quorum.
(b) Action by a majority of a quorum of the council constitutes an action of the council.
(4) The Department of Technology Services shall provide staff to the council.
(5) The council shall meet quarterly, or as often as necessary, to: (a) review existing state government data security policies; (b) assess ongoing risks to state government information technology; (c) create a method to notify state and local government entities of new risks; (d) coordinate data breach simulation exercises with state and local government entities; and (e) develop data security best practice recommendations for state government that include recommendations regarding: (i) hiring and training a chief information security officer for each government entity; (ii) continuous risk monitoring; (iii) password management; (iv) using the latest technology to identify and respond to vulnerabilities; (v) protecting data in new and old systems; and (vi) best procurement practices.
(a) review existing state government data security policies;
(b) assess ongoing risks to state government information technology;
(c) create a method to notify state and local government entities of new risks;
(d) coordinate data breach simulation exercises with state and local government entities; and
(e) develop data security best practice recommendations for state government that include recommendations regarding: (i) hiring and training a chief information security officer for each government entity; (ii) continuous risk monitoring; (iii) password management; (iv) using the latest technology to identify and respond to vulnerabilities; (v) protecting data in new and old systems; and (vi) best procurement practices.
(i) hiring and training a chief information security officer for each government entity;
(ii) continuous risk monitoring;
(iii) password management;
(iv) using the latest technology to identify and respond to vulnerabilities;
(v) protecting data in new and old systems; and
(vi) best procurement practices.
(6) A member who is not a member of the Legislature may not receive compensation or benefits for the member's service but may receive per diem and travel expenses as provided in: (a) Section 63A-3-106; (b) Section 63A-3-107; and (c) rules made by the Division of Finance under Sections 63A-3-106 and 63A-3-107.
(a) Section 63A-3-106;
(b) Section 63A-3-107; and
(c) rules made by the Division of Finance under Sections 63A-3-106 and 63A-3-107.
Copyright ©2024 LegalFix. All rights reserved. LegalFix is not a law firm, is not licensed to practice law, and does not provide legal advice, services, or representation. The information on this website is an overview of the legal plans you can purchase—or that may be provided by your employer as an employee benefit or by your credit union or other membership group as a membership benefit.
LegalFix provides its members with easy access to affordable legal services through a network of independent law firms. LegalFix, its corporate entity, and its officers, directors, employees, agents, and contractors do not provide legal advice, services, or representation—directly or indirectly.
The articles and information on the site are not legal advice and should not be relied upon—they are for information purposes only. You should become a LegalFix member to get legal services from one of our network law firms.
You should not disclose confidential or potentially incriminating information to LegalFix—you should only communicate such information to your network law firm.
The benefits and legal services described in the LegalFix legal plans are not always available in all states or with all plans. See the legal plan Benefit Overview and the more comprehensive legal plan contract during checkout for coverage details in your state.
Use of this website, the purchase of legal plans, and access to the LegalFix networks of law firms are subject to the LegalFix Terms of Service and Privacy Policy.