New Hampshire Revised Statutes 21-R:4-a – Duties of the Chief Information Security Officer
Current as of: 2023 | Check for updates
|
Other versions
The chief information security officer shall be responsible for the following:
I. Chairing the cybersecurity advisory committee.
II. Developing, publishing, maintaining, and interpreting the statewide information security manual’s policies and standards.
III. Developing, managing, and executing the statewide cyber disruption plan and an information security event response process.
IV. Staffing and training members of ESF-17 under the state emergency operations plan.
V. Identifying security requirements to limit the risks associated with identified executive branch business objectives as defined by the governor and the heads of state agencies.
VI. Providing information security subject matter expertise to the executive branch of the New Hampshire state government.
VII. Drafting and implementing an information security awareness and training program to be used by all state agencies.
VIII. Providing security metrics to track the performance of the information security program.
IX. Developing an information security governance and risk program, including, but not limited to:
(a) Coordinating and conducting risk assessments of agencies and their information assets.
(b) Conducting and managing vulnerability assessments of agency networks, applications, databases, and systems.
(c) Conducting penetration tests of agency networks, applications, databases, and systems.
(d) Conducting information security risk assessments of third parties with access to state of New Hampshire information assets.
X. Serving as the chief of the New Hampshire cyber integration center.
I. Chairing the cybersecurity advisory committee.
Terms Used In New Hampshire Revised Statutes 21-R:4-a
- Assets: (1) The property comprising the estate of a deceased person, or (2) the property in a trust account.
- following: when used by way of reference to any section of these laws, shall mean the section next preceding or following that in which such reference is made, unless some other is expressly designated. See New Hampshire Revised Statutes 21:13
- state: when applied to different parts of the United States, may extend to and include the District of Columbia and the several territories, so called; and the words "United States" shall include said district and territories. See New Hampshire Revised Statutes 21:4
II. Developing, publishing, maintaining, and interpreting the statewide information security manual’s policies and standards.
III. Developing, managing, and executing the statewide cyber disruption plan and an information security event response process.
IV. Staffing and training members of ESF-17 under the state emergency operations plan.
V. Identifying security requirements to limit the risks associated with identified executive branch business objectives as defined by the governor and the heads of state agencies.
VI. Providing information security subject matter expertise to the executive branch of the New Hampshire state government.
VII. Drafting and implementing an information security awareness and training program to be used by all state agencies.
VIII. Providing security metrics to track the performance of the information security program.
IX. Developing an information security governance and risk program, including, but not limited to:
(a) Coordinating and conducting risk assessments of agencies and their information assets.
(b) Conducting and managing vulnerability assessments of agency networks, applications, databases, and systems.
(c) Conducting penetration tests of agency networks, applications, databases, and systems.
(d) Conducting information security risk assessments of third parties with access to state of New Hampshire information assets.
X. Serving as the chief of the New Hampshire cyber integration center.