C.R.S. Section 24-37.5-403
Chief information security officer - duties and responsibilities

(1) The chief information officer shall appoint a chief information security officer who shall serve at the pleasure of the chief information officer. The security officer shall report to and be under the supervision of the chief information officer. The security officer shall exhibit a background and expertise in security and risk management for communications and information resources. In the event the security officer is unavailable to perform the duties and responsibilities under this part 4, all powers and authority granted to the security officer may be exercised by the chief information officer.

(2) The chief information security officer shall:

(a) Develop and update information security policies, standards, and guidelines for public agencies;

(b) Promulgate rules pursuant to article 4 of this title containing information security policies, standards, and guidelines;

(c) Ensure the incorporation of and compliance with information security policies, standards, and guidelines in the information security plans developed by public agencies pursuant to section 24-37.5-404;

(d) Direct information security audits and assessments in public agencies in order to ensure program compliance and adjustments;

(e) Establish and direct a risk management process to identify information security risks in public agencies and deploy risk mitigation strategies, processes, and procedures;

(f) Approve or disapprove and review annually the information security plans of public agencies;

(g) Conduct information security awareness and training programs;

(h) In coordination and consultation with the office of state planning and budgeting and the chief information officer, review public agency budget requests related to information security systems and approve such budget requests for state agencies other than the legislative department; and

(i) Coordinate with the Colorado commission on higher education for purposes of reviewing and commenting on information security plans adopted by institutions of higher education that are submitted pursuant to section 24-37.5-404.5 (3).

(3) It is the intent of the general assembly that the cost of the services provided by the chief information security officer to a public agency be adequately funded in fiscal years commencing on and after July 1, 2007, through an appropriation to the public agency to pay for such services.

Source: Section 24-37.5-403 — Chief information security officer - duties and responsibilities, https://leg.colorado.gov/sites/default/files/images/olls/crs2023-title-24.pdf (accessed Oct. 20, 2023).


Current through Fall 2024
