C.R.S. Section 24-37.5-405
Security incidents

  • authority of chief information security officer

(1)

A security incident in a public agency shall be reported to the chief information security officer in accordance with state incident reporting policies, standards, and guidelines.

(2)

The chief information security officer shall be authorized to temporarily discontinue or suspend the operation of a public agency’s communication and information resources in order to isolate the source of a security incident. The officer shall give notice to the governor, or the lieutenant governor in the event the governor is not available, the chief information officer, and the head of the public agency concurrent with such discontinuation or suspension of operations. The officer shall ensure, to the extent possible, the continuity of operations for the communication and information resources that support the operations and assets of the public agency.

(3)

The chief information security officer may enter into contracts with a private person or entity to assist with resolving a security incident in a public agency. The officer shall establish an approved list of certified private persons and entities that may provide contract services in the event of a security incident. The officer shall establish criteria for the placement of private persons and entities on the list and shall select such persons and entities for placement on the list utilizing a request for proposals containing such criteria.

(4)

Public agencies shall comply and cooperate with a directive of the chief information security officer pursuant to subsection (2) of this section to temporarily discontinue or suspend the operation of a public agency’s communication and information resources.

Source: Section 24-37.5-405 — Security incidents - authority of chief information security officer, https://leg.­colorado.­gov/sites/default/files/images/olls/crs2023-title-24.­pdf (accessed Oct. 20, 2023).

24‑37.5‑101
Legislative declaration - findings 24‑37.5‑102
Definitions 24‑37.5‑103
Office of information technology - creation - information technology revolving fund - geographic information system coordination 24‑37.5‑105
Office - roles - responsibilities - state search interface - rules - legislative declaration - definitions 24‑37.5‑105.2
State agencies - information technology - responsibilities 24‑37.5‑105.4
Delegation of authority 24‑37.5‑106
Chief information officer - duties and responsibilities 24‑37.5‑116
Communications and stakeholder management plan 24‑37.5‑117
Use of technology to interact with citizens - working group - strategic plan 24‑37.5‑118
Change of references - director to revisor of statutes 24‑37.5‑119
Broadband service - report - broadband deployment board - broadband administrative fund - creation - rules - legislative declaration - definitions - repeal 24‑37.5‑120
Technology risk prevention and response fund - creation - definitions 24‑37.5‑121
Digital access to government services - strategic plan - reporting - legislative declaration - definitions 24‑37.5‑122
Study of personally identifiable information - authority of chief information officer - report to joint technology committee - definitions - repeal 24‑37.5‑123
Colorado operations resource engine upgrade and continuous improvement project - reporting 24‑37.5‑401
Legislative declaration 24‑37.5‑403
Chief information security officer - duties and responsibilities 24‑37.5‑404
Public agencies - information security plans 24‑37.5‑404.5
Institutions of higher education - information security plans 24‑37.5‑404.7
General assembly - information security plans 24‑37.5‑405
Security incidents - authority of chief information security officer 24‑37.5‑701
Legislative declaration - intent 24‑37.5‑702
Government data advisory board - created - duties - definition 24‑37.5‑703
Interdepartmental data protocol - contents 24‑37.5‑704
Data-sharing - authorization 24‑37.5‑801
Information technology asset inventory - refresh cycle schedule - report 24‑37.5‑802
Information technology budget requests - working group - report 24‑37.5‑901
Legislative declaration 24‑37.5‑902
Definitions 24‑37.5‑903
Colorado broadband office - creation - responsibilities - gifts, grants, or donations 24‑37.5‑904
Digital inclusion grant program - income-eligible household reimbursement program - creation - award criteria - digital inclusion grant program fund - definition - reporting - repeal
Green check means up to date. Up to date

Current through Fall 2024

§ 24-37.5-405’s source at colorado​.gov