HB5547 EngrossedLRB100 18538 RJF 33756 b


  
1    AN ACT concerning finance.
  
 
2    Be it enacted by the People of the State of Illinois,
 
3represented in the General Assembly:
  
 
 
4    Section 5. The Illinois State Auditing Act is amended  by 
5adding Section 3-2.4 as follows:
 
6    (30 ILCS 5/3-2.4 new)
7    Sec. 3-2.4. Cybersecurity audit.
8    (a)   In conjunction with its annual compliance examination 
9program, the Auditor General shall review State agencies and 
10their cybersecurity programs and practices, with a particular 
11focus on agencies holding large volumes of personal 
12information.
13    (b)   The review required under this Section shall, at a 
14minimum, assess the following:
15        (1)   the effectiveness of State agency cybersecurity 
16    practices;
17        (2)   the risks or vulnerabilities of the cybersecurity 
18    systems used by State agencies;
19        (3)   the types of information that are most susceptible 
20    to attack;
21        (4)   ways to improve cybersecurity and eliminate 
22    vulnerabilities to State cybersecurity systems; and
23        (5)   any other information concerning the cybersecurity 
 
 
HB5547 Engrossed- 2 -LRB100 18538 RJF 33756 b

1    of State agencies that the Auditor General deems necessary 
2    and proper.
3    (c)   Any findings resulting from the testing conducted under 
4this Section shall be included within the applicable State 
5agency's compliance examination report. Each compliance 
6examination report shall be issued in accordance with the 
7provisions of Section 3-14. A copy of the report shall also be 
8delivered to the head of the applicable State agency and posted 
9on the Auditor General's website.