(20 ILCS 1375/5-10)
Sec. 5-10. Purpose. The purposes of this Act are to: (1) provide a comprehensive framework for ensuring |
| the effectiveness of information security controls over information resources that support State agency operations and assets;
|
|
(2) recognize the critical role of information and
|
| information systems in the provision of life, health, safety, and other crucial services to the citizens of the State of Illinois and the risk posed to these services due to the ever-evolving cybersecurity threat;
|
|
(3) recognize the highly networked nature of the
|
| current State of Illinois working environment and provide effective statewide management and oversight of the related information security risks, including coordination of information security efforts across State agencies;
|
|
(4) provide for the development and maintenance of
|
| minimum security controls required to protect State of Illinois information and information systems;
|
|
(5) provide a mechanism for improved oversight of
|
| State agency information security programs, including through automated security tools to continuously diagnose and improve security;
|
|
(6) recognize that information security risk is both
|
| a business and public safety issue, and the acceptance of risk is a decision to be made at the executive levels of State government; and
|
|
(7) ensure a continued and deliberate effort to
|
| reduce the risk posed to the State by cyberattacks and other information security incidents that could impact the information security of the State.
|
|
(Source: P.A. 100-611, eff. 7-20-18.)
|