Report Title:
Information Security; Cyber Security Office
Description:
Requires the cyber security office to address the information programs of executive departments and report findings and recommendations to the legislature. (SD1)
|
HOUSE OF REPRESENTATIVES |
H.B. NO. |
2836 |
|
TWENTY-THIRD LEGISLATURE, 2006 |
H.D. 1 |
|
|
STATE OF HAWAII |
S.D. 1 |
|
|
|
A BILL FOR AN ACT
RELATING TO INFORMATION SECURITY.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
SECTION 1. Identity theft is one of the fastest growing crimes committed throughout the United States, including Hawaii. The privacy and financial security of individuals are increasingly at risk due to the widespread collection of personal information. In response to concerns over the security of personal information contained in government records, the Legislature finds that the department of accounting and general services is currently in the process of establishing a cyber security office to address information security programs, policies, and procedures for executive departments.
The purpose of this measure is to request a report on the status of the cyber security office and to ensure that other state agencies in addition to the executive departments are consulted to ensure maximum integration in development of related policies and procedures.
SECTION 2. (a) The department of accounting and general services shall report on the status of the cyber security office and its efforts to develop policies and procedures to address information security that:
(1) Are commensurate with the risk and magnitude of the harm resulting from unauthorized access, use, disclosure, disruption, modification, or destruction of either information collected or maintained by or on behalf of each department or information systems used or operated by each department;
(2) Include policies and procedures for all departments that cost-effectively reduce information security risks to acceptable levels; and
(3) Ensure that information security is addressed throughout the life cycle of each department's information system.
(b) The department shall also consult with the department of education, the University of Hawaii, the judiciary, and the legislature to ensure that the policies and procedures of the departmental cyber security office integrate with any comparable information security policies and procedures developed or under construction by these agencies. If available, the above-mentioned agencies shall provide an update of their information security policies and procedures to be included as part of the department's report.
(c) The department shall submit a report on its efforts to monitor, analyze, prevent, and mitigate cyber security issues for executive departments, including the development of policies and procedures, and any necessary proposed legislation, to the legislature no later than twenty days prior to the convening of the 2007 legislative session.
SECTION 3. This Act shall take effect on approval.