(a)  The West Virginia Cybersecurity Office is under the supervision and control of a Chief Information Security Officer appointed by the Chief Technology Officer and shall be staffed appropriately by the Office of Technology to implement the provisions of this article.

Terms Used In West Virginia Code 5A-6B-3

  • Cyber incident: means any event that threatens the security, confidentiality, integrity, or availability of information assets, information systems, or the networks that deliver the information. See West Virginia Code 5A-6B-2
  • Cyber risk assessment: means the process of identifying, analyzing and evaluating risk and applying the appropriate security controls relevant to the information custodians. See West Virginia Code 5A-6B-2
  • Cyber risk management service: means technologies, practices and policies that address threats and vulnerabilities in networks, computers, programs and data, flowing from or enabled by connection to digital infrastructure, information systems or industrial control systems, including, but not limited to, information security, supply chain assurance, information assistance and hardware or software assurance. See West Virginia Code 5A-6B-2
  • Cybersecurity framework: means computer technology security guidance for organizations to assess and improve their ability to prevent, detect, and respond to cyber incidents. See West Virginia Code 5A-6B-2
  • Enterprise: means the collective departments, agencies and boards within state government that provide services to citizens and other state entities. See West Virginia Code 5A-6B-2
  • Privacy impact assessment: means a procedure or tool for identifying and assessing privacy risks throughout the development life cycle of a program or system. See West Virginia Code 5A-6B-2
  • Security controls: means safeguards or countermeasures to avoid, detect, counteract or minimize security risks to physical property, information, computer systems or other assets. See West Virginia Code 5A-6B-2
  • State: when applied to a part of the United States and not restricted by the context, includes the District of Columbia and the several territories, and the words "United States" also include the said district and territories. See West Virginia Code 2-2-10

(b) The Chief Information Security Officer has the following powers and duties:

(1) Develop policies, procedures and standards necessary to establish an enterprise cybersecurity program that recognizes the interdependent relationship and complexity of technology in government operations and the nature of shared risk of cyber threats to the state;

(2) Create a cyber risk management service designed to ensure that officials at all levels understand their responsibilities for managing their agencies' cyber risk;

(3) Designate a cyber risk standard for the cybersecurity framework;

(4) Establish the cyber risk assessment requirements such as assessment type, scope, frequency and reporting;

(5) Provide agencies cyber risk guidance for information technology projects, including the recommendation of security controls and remediation plans;

(6) Assist agencies in the development of plans and procedures to manage, assist and recover in the event of a cyber incident;

(7) Assist agencies in the management of the framework relating to information custody, classification, accountability and protection;

(8) Ensure uniformity and adequacy of the cyber risk assessments;

(9) Notwithstanding the provisions of §5A-6B-1(b) of this code, enter into agreements with state government entities exempted from the application of this article or other political subdivisions of the state that desire to voluntarily participate in the cybersecurity program administered pursuant to this article;

(10) Develop policy outlining use of the privacy impact assessment as it relates to safeguarding of data and its relationship with technology; and

(11) Perform such other functions and duties as provided by law and as directed by the Chief Technology Officer.

(c) The Secretary of the Department of Administration shall propose rules for legislative approval in accordance with § 29A-3-1 et seq. of this code to implement and enforce the provisions of this article.