(20 ILCS 1375/5-10)
    Sec. 5-10. Purpose. The purposes of this Act are to:
        (1) provide a comprehensive framework for ensuring
    
the effectiveness of information security controls over information resources that support State agency operations and assets;
        (2) recognize the critical role of information and
    
information systems in the provision of life, health, safety, and other crucial services to the citizens of the State of Illinois and the risk posed to these services due to the ever-evolving cybersecurity threat;
        (3) recognize the highly networked nature of the
    
current State of Illinois working environment and provide effective statewide management and oversight of the related information security risks, including coordination of information security efforts across State agencies;
        (4) provide for the development and maintenance of
    
minimum security controls required to protect State of Illinois information and information systems;
        (5) provide a mechanism for improved oversight of
    
State agency information security programs, including through automated security tools to continuously diagnose and improve security;
        (6) recognize that information security risk is both
    
a business and public safety issue, and the acceptance of risk is a decision to be made at the executive levels of State government; and
        (7) ensure a continued and deliberate effort to
    
reduce the risk posed to the State by cyberattacks and other information security incidents that could impact the information security of the State.
(Source: P.A. 100-611, eff. 7-20-18.)