§ 21-R:4-a — Duties of the Chief Information Security Officer

New Hampshire § 21-R:4-a

• Jurisdiction: New Hampshire
• Title I: THE STATE AND ITS GOVERNMENT
• Ch. 21-R: DEPARTMENT OF INFORMATION TECHNOLOGY

Text

The chief information security officer shall be responsible for the following:
I. Chairing the cybersecurity advisory committee.
II. Developing, publishing, maintaining, and interpreting the statewide information security manual's policies and standards.
III. Developing, managing, and executing the statewide cyber disruption plan and an information security event response process.
IV. Staffing and training members of ESF-17 under the state emergency operations plan.
V. Identifying security requirements to limit the risks associated with identified executive branch business objectives as defined by the governor and the heads of state agencies.
VI. Providing information security subject matter expertise to the executive branch of the New Hampshire state government.
VII. Drafting and implementing an information security awareness and training program to be used by all state agencies.
VIII. Providing security metrics to track the performance of the information security program.
IX. Developing an information security governance and risk program, including, but not limited to:
(a) Coordinating and conducting risk assessments of agencies and their information assets.
(b) Conducting and managing vulnerability assessments of agency networks, applications, databases, and systems.
(c) Conducting penetration tests of agency networks, applications, databases, and systems.
(d) Conducting information security risk assessments of third parties with access to state of New Hampshire information assets.
X. Serving as the chief of the New Hampshire cyber integration center.

Legislative History

2023, 135:4, eff. Aug. 29, 2023.