(a) In conjunction with its annual compliance examination program, the Auditor General shall review State agencies and their cybersecurity programs and practices, with a particular focus on agencies holding large volumes of personal information. (b) The review required under this Section shall, at a minimum, assess the following: (1) the effectiveness of State agency cybersecurity practices; (2) the risks or vulnerabilities of the cybersecurity systems used by State agencies; (3) the types of information that are most susceptible to attack; (4) ways to improve cybersecurity and eliminate vulnerabilities to State cybersecurity systems; and (5) any other information concerning the cybersecurity of State agencies that the Auditor General deems necessary and proper. (c) Any findings resulting from the testing conducted under this Section shall be included within the applicable State agency's compliance examination report. Each compliance examination report shall be issued in accordance with the provisions of Section 3-14. A copy of the report shall also be delivered to the head of the applicable State agency and posted on the Auditor General's website. practices; cybersecurity systems used by State agencies; susceptible to attack; vulnerabilities to State cybersecurity systems; and cybersecurity of State agencies that the Auditor General deems necessary and proper.
‹ Prev All Illinois sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.