1.0 TITLE: Information Technology Security Council Charter
1.1 EFFECTIVE DATE: January 01, 2020
1.2 REVISED: January 16, 2015
1.3 REVISED: December 10, 2019
1.4 REVISED: July 1, 2022
1.3 TYPE OF ACTION: Revision
To establish an Information Security Council to serve as the State of Kansas Cybersecurity Planning Committee and cybersecurity governance body. The council will also serve as an advisory body to the Information Technology Executive Council. The council will develop and facilitate a “whole-of-state” cybersecurity effort that will raise the security posture of public and private sector organizations in Kansas, through leadership, information sharing, resource development, education, and incident response preparedness.
3.0 ORGANIZATIONS AFFECTED:
All Branches, Boards, Commissions, Departments, Divisions, and Agencies of state government, hereafter referred to as entities.
4.1 K.S.A. 75-7203 authorizes the ITEC to: Adopt information resource policies and procedures and provide direction and coordination for the application of the state's information technology resources for all state entities.
4.2 K.S.A. 75-7236 through 75-7243: the Kansas Cybersecurity Act: Chief Information Security Officer (CISO) serves as the executive branch chief cybersecurity strategist and authority on policies, compliance, procedures, guidance and technologies impacting executive branch cybersecurity programs.
At least half of the members of the Information Security Council must have a background in information security, cybersecurity, or information technology. Members must have some level of executive and strategic decision-making authority for their respective agency.
5.1. The State Chief Information Security Officer
5.2. A representative from the Adjutant General
5.3. A representative from the Attorney General
5.4. A representative from the Secretary of State
5.5. The Director of the Kansas Intelligence Fusion Center
5.6. The Deputy Homeland Security Advisor
5.7. A representative from the Kansas Division of Emergency Management
5.8. A representative from county governments (Serve two-year term)
5.9. A representative from municipal governments (Serve two-year term)
5.10. A representative from the Kansas Bureau of Investigation
5.11. A representative from a Regents institution (Serve term as decided by RITC)
5.12. A representative from public health (Serve two-year term)
5.13. The Director of the KCJIS Committee
5.14. A representative from public education (Serve two-year term)
5.15. A representative from the Legislative Branch of Government
5.16. A representative from the Judicial Branch of Government
6.0 RESPONSIBILITIES AND DUTIES:
6.1. Serve as the State of Kansas Cybersecurity Governance Body focused on:
6.1.1. Risk identification and mitigation
6.1.2. Strategy and planning
6.1.3. Information sharing
6.1.4. Incident response
6.1.5. Workforce development and education
6.2. Serve as a focal point to align information security and cybersecurity efforts across Kansas
6.3. Develop, publish, and maintain a Kansas Cybersecurity Strategy based on a “Whole-of-State” approach
6.4. Serve as the Kansas Cybersecurity Planning Committee
6.4.1. Develop an annual Kansas Cybersecurity Plan
6.5. Establish information security policy working groups to develop and maintain the State of Kansas ITEC Information Security Policy, Standards, Guidelines, and Recommendations
6.5.1. Policy working group members do not have to be members of the information security council
6.6. Establish additional working groups or advisory bodies to support various information security and cybersecurity related efforts
6.6.1. Working group and advisory body members do not have to be members of the information security council
6.7. The Information Security Council will meet at least quarterly
6.8. The State of Kansas Information Security Office will coordinate and facilitate Information Security Council meetings
7.1. The Kansas Information Security Office is responsible for the maintenance of this charter.