AB 531: Office of Information Security: information security technologies.

Existing law establishes the Office of Information Security within the Department of Technology, under the supervision of the Chief of the Office of Information Security, and requires the chief to establish an information security program. Existing law authorizes the office to conduct, or require to be conducted, an independent security assessment of any state agency, department, or office, the cost of which is to be funded by the state agency, department, or office being assessed.

This bill would require the office, on or before July 1, 2019, to review information security technologies currently in place in state agencies to determine if there are sufficient policies, standards, and procedures in place to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content, as defined, inside or outside the firewall of state agencies. The bill would require the office, following the review, to develop a statewide plan to require the implementation by state agencies, during the next fiscal year, of any information security technology the office determines to be necessary to protect critical government information and prevent the compromise or unauthorized disclosure of sensitive digital content of a state agency.