Bill Text: HI SB1003 | 2013 | Regular Session | Amended

NOTE: There are more recent revisions of this legislation. Read Latest Draft
Bill Title: Chief Information Officer; Information Technology; Security

Spectrum: Partisan Bill (Democrat 1-0)

Status: (Passed) 2013-07-09 - Act 265, 7/3/2013 (Gov. Msg. No. 1368). [SB1003 Detail]

Download: Hawaii-2013-SB1003-Amended.html

THE SENATE

S.B. NO.

1003

TWENTY-SEVENTH LEGISLATURE, 2013

S.D. 2

STATE OF HAWAII

 

 

 

 

 

 

A BILL FOR AN ACT

 

 

RELATING TO INFORMATION TECHNOLOGY.

 

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

 


     SECTION 1.  Protecting and securing the State of Hawaii's information and data is a top concern in today's cyber world.  The State must protect its technology from enemies both outside and within the State.  To ensure the security of state government information and protect the data communications infrastructure from unauthorized uses, intrusions, or other security threats, the chief information officer should be given the responsibility and authority to direct the development, adoption, and implementation of policies, procedures, and standards and training personnel to minimize vulnerability to threats, regularly assess security risks, determine appropriate security measures, and perform security audits of government information systems and data communications infrastructures.

     The purpose of this Act is to authorize the chief information officer to conduct or cause to be conducted security audits, which may include reviews of physical security practices, of all executive branch agencies regarding the protection of government databases and data communications and to direct remedial actions as necessary.

     SECTION 2.  Chapter 27, Hawaii Revised Statutes, is amended by adding a new section to part VII, to be appropriately designated and to read as follows:

     "§27-     Additional duties of the chief information officer relating to security of government information.  (a)  The chief information officer shall provide for periodic security audits of all executive branch departments and agencies regarding the protection of government databases and data communications.

     (b)  Security audits may include on-site audits as well as reviews of all written security procedures and documented practices.  The chief information officer may contract with a private firm or firms that specialize in conducting security audits.  All executive branch departments, agencies, boards, or commissions subject to the security audits authorized by this section shall fully cooperate with the entity designated to perform the audit.  The chief information officer may direct specific remedial actions to mitigate findings of insufficient administrative, technical, and physical controls necessary to protect state government information or data communication infrastructures.

     (c)  This section shall not infringe upon responsibilities assigned to the comptroller or the auditor or upon other statutory requirements."

     SECTION 3.  New statutory material is underscored.

     SECTION 4.  This Act shall take effect on July 1, 2050.


 


 

Report Title:

Chief Information Officer; Information Technology; Security

 

Description:

Authorizes the Chief Information to conduct or cause to be conducted security audits, which may include reviews of physical security practices, of all executive branch agencies regarding the protection of government databases and data communications and to direct remedial actions as necessary.  Effective 07/01/2050.  (SD2)

 

 

 

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.

 

 

feedback