Can I skip having an information security program in place in Kansas? What are the requirements?

Information Security Program Requirements in Kansas

In Kansas, an information security program is required by law. The Kansas Cybersecurity Act ^[2.1] establishes the Kansas Information Security Office (KISO) within the Office of Information Technology Services. The KISO is responsible for administering the Kansas Cybersecurity Act and assisting the executive branch in developing, implementing, and monitoring strategic and comprehensive information security risk-management programs.

Under the direction of the Chief Information Security Officer (CISO), the KISO is responsible for creating and managing a unified and flexible control framework to integrate and normalize requirements resulting from applicable state and federal laws, and rules and regulations. The KISO also facilitates a metrics, logging, and reporting framework to measure the efficiency and effectiveness of state information security programs.

Therefore, it is not possible to skip having an information security program in place in Kansas.

For more information on the requirements for an information security program in Kansas, please refer to the Kansas Cybersecurity Act ^[2.1].

Source(s):

• [2.1] Kansas information security office; establishment and administration; separate state agency; powers and duties.

Jurisdiction

Kansas

• Privacy