As used in this article: “Cybersecurity Office” means the office created by 5A-6B-1 of this code. “Incident” or “cybersecurity incident” means a violation, or imminent threat of violation, of computer security policies, acceptable use policies, or standard security practices.
This article applies to all state agencies within the executive branch, constitutional officers, all local government entities as defined by 7-1-1 or 8-1-2 of this code, county boards of education as defined by 18-1-1 of this code, the Judiciary, and the Legislature.
(a) Qualified cybersecurity incidents shall be reported to the Cybersecurity Office before any citizen notification, but no later than 10 days following a determination that the entity experienced a qualifying cybersecurity incident. (b) A qualified cybersecurity incident meets at least one of the following criteria: (1) State or federal law requires the reporting of the […]
(a) On or before December 31 of each year, and when requested by the Legislature, the Cybersecurity Office shall provide a report to the Joint Committee on Government and Finance containing the number and nature of incidents reported to it during the preceding calendar year. The report shall be transmitted to the members of the […]
