Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

Terms Used In Kansas Statutes 75-7239

  • Discovery: Lawyers' examination, before trial, of facts and documents in possession of the opponents to help the lawyers prepare for trial.
  • Program: means the KAN-ED program created pursuant to this act to facilitate schools', libraries' and hospitals' use of broadband technology-based video communication for distance learning and telemedicine. See Kansas Statutes 75-7222
  • State: when applied to the different parts of the United States, includes the District of Columbia and the territories. See Kansas Statutes 77-201

(a) There is hereby established within and as a part of the office of information technology services the Kansas information security office. The Kansas information security office shall be administered by the CISO and be staffed appropriately to effect the provisions of the Kansas cybersecurity act.

(b) For the purpose of preparing the governor’s budget report and related legislative measures submitted to the legislature, the Kansas information security office, established in this section, shall be considered a separate state agency and shall be titled for such purpose as the “Kansas information security office.” The budget estimates and requests of such office shall be presented as from a state agency separate from the office of information technology services, and such separation shall be maintained in the budget documents and reports prepared by the director of the budget and the governor, or either of them, including all related legislative reports and measures submitted to the legislature.

(c) Under direction of the CISO, the KISO shall:

(1) Administer the Kansas cybersecurity act;

(2) assist the executive branch in developing, implementing and monitoring strategic and comprehensive information security risk-management programs;

(3) facilitate executive branch information security governance, including the consistent application of information security programs, plans and procedures;

(4) using standards adopted by the information technology executive council, create and manage a unified and flexible control framework to integrate and normalize requirements resulting from applicable state and federal laws, and rules and regulations;

(5) facilitate a metrics, logging and reporting framework to measure the efficiency and effectiveness of state information security programs;

(6) provide the executive branch strategic risk guidance for information technology projects, including the evaluation and recommendation of technical controls;

(7) assist in the development of executive branch agency cybersecurity programs to ensure compliance with applicable state and federal laws, rules and regulations, executive branch policies and standards and policies and standards adopted by the information technology executive council;

(8) perform audits of executive branch agencies for compliance with applicable state and federal laws, rules and regulations, executive branch policies and standards and policies and standards adopted by the information technology executive council;

(9) coordinate the use of external resources involved in information security programs, including, but not limited to, interviewing and negotiating contracts and fees;

(10) liaise with external agencies, such as law enforcement and other advisory bodies as necessary, to ensure a strong security posture;

(11) assist in the development of plans and procedures to manage and recover business-critical services in the event of a cyberattack or other disaster;

(12) assist executive branch agencies to create a framework for roles and responsibilities relating to information ownership, classification, accountability and protection;

(13) ensure a cybersecurity awareness training program is made available to all branches of state government; and

(14) perform such other functions and duties as provided by law and as directed by the CISO.

(d) Results of audits conducted pursuant to subsection (c)(8) shall be confidential and shall not be subject to discovery or disclosure pursuant to the open records act, Kan. Stat. Ann. § 45-215 et seq., and amendments thereto. The provisions of this subsection shall expire on July 1, 2028, unless the legislature reviews and acts to continue such provision pursuant to Kan. Stat. Ann. § 45-229, and amendments thereto, prior to July 1, 2028.