75-7237. Definitions. As used in K.S.A. 75-7236 through 75-7243, and amendments thereto: (a) “Act” means the Kansas cybersecurity act. (b) “Breach” or “breach of security” means unauthorized access of data in electronic form containing personal information. Good faith access of personal information by an employee or agent of an executive branch agency does not constitute […]
75-7238. Chief information security officer; duties. (a) There is hereby established the position of executive branch chief information security officer. The CISO shall be in the unclassified service under the Kansas civil service act, shall be appointed by the governor and shall receive compensation in an amount fixed by the governor. (b) The CISO shall: […]
75-7239. Kansas information security office; establishment and administration; separate state agency; powers and duties. (a) There is hereby established within and as a part of the office of information technology services the Kansas information security office. The Kansas information security office shall be administered by the CISO and be staffed appropriately to effect the provisions […]
75-7240. Executive branch agency heads; responsibilities; reports; training; breach protocol. The executive branch agency heads shall: (a) Be solely responsible for security of all data and information technology resources under such agency’s purview, irrespective of the location of the data or resources. Locations of data may include: (1) Agency sites; (2) agency real property; (3) […]
75-7241. Fingerprints; criminal history record check; certain employees or contractors. (a) An executive branch agency head, with input from the CISO, may require employees or contractors of executive branch agencies, whose duties include collection, maintenance or access to personal information, to be fingerprinted and to submit to a state and national criminal history record check […]
75-7242. Information collected placing organization at risk confidential; exceptions. Information collected to effectuate this act shall be considered confidential by the executive branch agency and KISO unless all data elements or information that specifically identifies a target, vulnerability or weakness that would place the organization at risk have been redacted, including: (a) System information logs; […]
75-7243. Cybersecurity service costs; special assessments and fees; rules and regulations. Executive branch agencies may pay for cybersecurity services from existing budgets, from grants or other revenues, or through a special assessment to offset costs. Any executive branch agency’s increase in fees or charges related to this act, including cybersecurity fees charged by the KISO, […]
