Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

Code · Illinois · Chapter 20 — EXECUTIVE BRANCH · Act 1375

(Text of Section before amendment by P.A.

1,323 words·~6 min read·/il/chapter-20/act-1375/text-of-section-before-amendment-by-p-a-2·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

(Text of Section before amendment by P.A. 104-195)
Sec. 5-25. Responsibilities.
(a)The Secretary shall:
(1)appoint a Statewide Chief Information Security Officer pursuant to Section 5-20;
(2)provide the Office with the staffing and resources deemed necessary by the Secretary
to fulfill the responsibilities of the Office;
(3)oversee statewide information security policies and practices, including:
(A)directing and overseeing the development, implementation, and communication of
statewide information security policies, standards, and guidelines;
(B)overseeing the education of State agency personnel regarding the requirement to
identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information in a critical information system;
(C)overseeing the development and implementation of a statewide information
security risk management program;
(D)overseeing State agency compliance with the requirements of this Section;
(E)coordinating Information Security policies and practices with related
information and personnel resources management policies and procedures; and
(F)providing an effective and efficient process to assist State agencies with
complying with the requirements of this Act; and
(4)subject to appropriation, establish a cybersecurity liaison program to advise and
assist units of local government in identifying cyber threats, performing risk assessments, sharing best practices, and responding to cyber incidents.
(b)The Statewide Chief Information Security Officer shall:
(1)serve as the head of the Office and ensure the execution of the responsibilities of
the Office as set forth in subsection
(c)of Section 5-15, the Statewide Chief Information Security Officer shall also oversee State agency personnel with significant responsibilities for information security and ensure a competent workforce that keeps pace with the changing information security environment;
(2)develop and recommend information security policies, standards, procedures, and
guidelines to the Secretary for statewide adoption and monitor compliance with these policies, standards, guidelines, and procedures through periodic testing;
(3)develop and maintain risk-based, cost-effective information security programs and
control techniques to address all applicable security and compliance requirements throughout the life cycle of State agency information systems;
(4)establish the procedures, processes, and technologies to rapidly and effectively
identify threats, risks, and vulnerabilities to State information systems, and ensure the prioritization of the remediation of vulnerabilities that pose risk to the State;
(5)develop and implement capabilities and procedures for detecting, reporting, and
responding to information security incidents;
(6)establish and direct a statewide information security risk management program to
identify information security risks in State agencies and deploy risk mitigation strategies, processes, and procedures;
(7)establish the State's capability to sufficiently protect the security of data
through effective information system security planning, secure system development, acquisition, and deployment, the application of protective technologies and information system certification, accreditation, and assessments;
(8)ensure that State agency personnel, including contractors, are appropriately
screened and receive information security awareness training;
(9)convene meetings with agency heads and other State officials to help ensure:
(A)the ongoing communication of risk and risk reduction strategies,
(B)effective implementation of information security policies and practices, and
(C)the incorporation of and compliance with information security policies,
standards, and guidelines into the policies and procedures of the agencies;
(10)provide operational and technical assistance to State agencies in implementing
policies, principles, standards, and guidelines on information security, including implementation of standards promulgated under subparagraph
(A)of paragraph
(3)of subsection
(a)of this Section, and provide assistance and effective and efficient means for State agencies to comply with the State agency requirements under this Act;
(11)in coordination and consultation with the Secretary and the Governor's Office of
Management and Budget, review State agency budget requests related to Information Security systems and provide recommendations to the Governor's Office of Management and Budget;
(12)ensure the preparation and maintenance of plans and procedures to provide cyber
resilience and continuity of operations for critical information systems that support the operations of the State; and
(13)take such other actions as the Secretary may direct.
(Text of Section after amendment by P.A. 104-195)
Sec. 5-25. Responsibilities.
(a)The Secretary shall:
(1)appoint a Statewide Chief Information Security Officer pursuant to Section 5-20;
(2)provide the Office with the staffing and resources deemed necessary by the Secretary
to fulfill the responsibilities of the Office;
(3)oversee statewide information security policies and practices for State agencies,
including:
(A)directing and overseeing the development, implementation, and communication of
statewide information security policies, standards, and guidelines;
(B)overseeing the education of agency personnel regarding the requirement to
identify and provide information security protections commensurate with the risk and magnitude of the harm resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information in a critical information system;
(C)overseeing the development and implementation of a statewide information
security risk management program;
(D)overseeing agency compliance with the requirements of this Section;
(E)coordinating Information Security policies and practices with related
information and personnel resources management policies and procedures; and
(F)providing an effective and efficient process to assist agencies with complying
with the requirements of this Act; and
(4)subject to appropriation, establish a cybersecurity liaison program to advise and
assist units of local government in identifying cyber threats, performing risk assessments, sharing best practices, and responding to cyber incidents.
(b)The Statewide Chief Information Security Officer shall:
(1)serve as the head of the Office and ensure the execution of the responsibilities of
the Office as set forth in subsection
(c)of Section 5-15, the Statewide Chief Information Security Officer shall also oversee State agency personnel with significant responsibilities for information security and ensure a competent workforce that keeps pace with the changing information security environment;
(2)develop and recommend information security policies, standards, procedures, and
guidelines to the Secretary for statewide adoption and monitor compliance with these policies, standards, guidelines, and procedures through periodic testing;
(3)develop and maintain risk-based, cost-effective information security programs and
control techniques to address all applicable security and compliance requirements throughout the life cycle of State agency information systems;
(4)establish the procedures, processes, and technologies for State agencies to rapidly
and effectively identify threats, risks, and vulnerabilities to State information systems, and ensure the prioritization of the remediation of vulnerabilities that pose risk to the State;
(5)develop and implement capabilities and procedures for detecting, reporting, and
responding to information security incidents;
(6)establish and direct a statewide information security risk management program to
identify information security risks in State agencies and deploy risk mitigation strategies, processes, and procedures;
(7)establish the State's capability to sufficiently protect the security of data
through effective information system security planning, secure system development, acquisition, and deployment, the application of protective technologies and information system certification, accreditation, and assessments;
(8)ensure that State agency personnel, including contractors, are appropriately
screened and receive information security awareness training;
(9)convene meetings with State agency heads and other State officials to help ensure:
(A)the ongoing communication of risk and risk reduction strategies,
(B)effective implementation of information security policies and practices, and
(C)the incorporation of and compliance with information security policies,
standards, and guidelines into the policies and procedures of the State agencies;
(10)provide operational and technical assistance to State agencies in implementing
policies, principles, standards, and guidelines on information security, including implementation of standards promulgated under subparagraph
(A)of paragraph
(3)of subsection
(a)of this Section, and provide assistance and effective and efficient means for State agencies to comply with the State agency requirements under this Act;
(11)in coordination and consultation with the Secretary and the Governor's Office of
Management and Budget, review State agency budget requests related to Information Security systems and provide recommendations to the Governor's Office of Management and Budget;
(12)ensure the preparation and maintenance of plans and procedures to provide cyber
resilience and continuity of operations for critical information systems that support the operations of the State; and
(13)take such other actions as the Secretary may direct.
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.