Translate
Public Act 100-0914
| ||||
| Public Act 100-0914 | ||||
| ||||
| ||||
AN ACT concerning finance.
| ||||
Be it enacted by the People of the State of Illinois,
| ||||
represented in the General Assembly:
| ||||
Section 5. The Illinois State Auditing Act is amended by | ||||
adding Section 3-2.4 as follows: | ||||
(30 ILCS 5/3-2.4 new) | ||||
Sec. 3-2.4. Cybersecurity audit. | ||||
(a) In conjunction with its annual compliance examination | ||||
program, the Auditor General shall review State agencies and | ||||
their cybersecurity programs and practices, with a particular | ||||
focus on agencies holding large volumes of personal | ||||
information. | ||||
(b) The review required under this Section shall, at a | ||||
minimum, assess the following: | ||||
(1) the effectiveness of State agency cybersecurity | ||||
practices; | ||||
(2) the risks or vulnerabilities of the cybersecurity | ||||
systems used by State agencies; | ||||
(3) the types of information that are most susceptible | ||||
to attack; | ||||
(4) ways to improve cybersecurity and eliminate | ||||
vulnerabilities to State cybersecurity systems; and | ||||
(5) any other information concerning the cybersecurity | ||||
of State agencies that the Auditor General deems necessary | ||
and proper. | ||
(c) Any findings resulting from the testing conducted under | ||
this Section shall be included within the applicable State | ||
agency's compliance examination report. Each compliance | ||
examination report shall be issued in accordance with the | ||
provisions of Section 3-14. A copy of the report shall also be | ||
delivered to the head of the applicable State agency and posted | ||
on the Auditor General's website.
| ||
Effective Date: 1/1/2019