The bill establishes a Cybersecurity Division within the Department of Enterprise Technology Services, appointing a state chief information security officer responsible for overseeing the division's operations. This division is tasked with ensuring compliance with information security policies across state agencies, providing technical assistance during security incidents, and maintaining a statewide information security program. The bill outlines specific duties for the chief information security officer, including developing security policies, assisting agency officials, and reporting annually to the governor and the joint appropriations committee on the effectiveness of the agency's information security program.

Additionally, the bill amends existing statutes to include the newly created Cybersecurity Division and introduces definitions related to cybersecurity, such as "incident" and "information security." It emphasizes the importance of protecting the integrity, confidentiality, and availability of information and information systems. The Department of Enterprise Technology Services is also mandated to create rules to implement the provisions of this act, which will take effect on July 1, 2023, with certain sections becoming effective immediately upon the completion of necessary legislative actions.

Statutes affected:
Introduced: 9-2-2902, 9-2-2904