(20 ILCS 1375/5-10)
Sec. 5-10. Purpose. The purposes of this Act are to: (1) provide a comprehensive framework for ensuring the effectiveness of information |
| security controls over information resources that support State agency operations and assets;
|
|
(2) recognize the critical role of information and information systems in the provision
|
| of life, health, safety, and other crucial services to the citizens of the State of Illinois and the risk posed to these services due to the ever-evolving cybersecurity threat;
|
|
(3) recognize the highly networked nature of the current State of Illinois working
|
| environment and provide effective statewide management and oversight of the related information security risks, including coordination of information security efforts across State agencies;
|
|
(4) provide for the development and maintenance of minimum security controls required to
|
| protect State of Illinois information and information systems;
|
|
(5) provide a mechanism for improved oversight of State agency information security
|
| programs, including through automated security tools to continuously diagnose and improve security;
|
|
(6) recognize that information security risk is both a business and public safety issue,
|
| and the acceptance of risk is a decision to be made at the executive levels of State government; and
|
|
(7) ensure a continued and deliberate effort to reduce the risk posed to the State by
|
| cyberattacks and other information security incidents that could impact the information security of the State.
|
|
(Source: P.A. 100-611, eff. 7-20-18.)
|