Florida Senate - 2006 COMMITTEE AMENDMENT
Bill No. SB 856
Barcode 864392
CHAMBER ACTION
Senate House
.
.
1 Comm: RCS .
03/21/2006 03:54 PM .
2 .
.
3 .
.
4 ______________________________________________________________
5
6
7
8
9
10 ______________________________________________________________
11 The Committee on Domestic Security (Diaz de la Portilla)
12 recommended the following amendment:
13
14 Senate Amendment (with title amendment)
15 Delete everything after the enacting clause
16
17 and insert:
18 Section 1. Section 282.318, Florida Statutes, is
19 amended to read:
20 282.318 Security of data and information technology
21 resources.--
22 (1) This section may be cited as the "Security of Data
23 and Information Technology Resources Act."
24 (2)(a) The Department of Management Services,
25 hereafter referred to as the department The State Technology
26 Office, in consultation with each agency head, is responsible
27 for coordinating, assessing, and setting minimum standard
28 operating procedures for and accountable for assuring an
29 adequate level of security for all data and information
30 technology resources of each agency and, to carry out this
31 responsibility, will shall, at a minimum:
1
1:16 PM 03/16/06 s0856d-ds36-b03
Florida Senate - 2006 COMMITTEE AMENDMENT
Bill No. SB 856
Barcode 864392
1 (a)1. Require that each agency designate an
2 information security manager who shall administer the security
3 program of each agency for its data and information technology
4 resources.
5 (b)2. Require that each agency conduct and update
6 every 3 years Conduct, and periodically update, a
7 comprehensive risk analysis to determine the security threats
8 to the data, information, and information technology resources
9 of each agency. The risk analysis information is confidential
10 and exempt from the provisions of s. 119.07(1), except that
11 such information shall be available to the Auditor General in
12 performing his or her postauditing duties.
13 (c)3. Assist each agency with the development and
14 provide revisions of Develop, and periodically update, written
15 internal policies and procedures to assure the security of the
16 data, information, and information technology resources of
17 each agency. The internal policies and procedures which, if
18 disclosed, could facilitate the unauthorized modification,
19 disclosure, or destruction of data or information technology
20 resources are confidential information and exempt from the
21 provisions of s. 119.07(1), except that such information shall
22 be available to the Auditor General in performing his or her
23 postauditing duties.
24 (d)4. Require each agency to implement appropriate
25 cost-effective safeguards to reduce, eliminate, or recover
26 from the identified risks to the data and information
27 technology resources of each agency.
28 (e)5. Require each agency to ensure that periodic
29 internal audits and evaluations of each security program for
30 the data and information technology resources of the agency
31 are conducted. The results of such internal audits and
2
1:16 PM 03/16/06 s0856d-ds36-b03
Florida Senate - 2006 COMMITTEE AMENDMENT
Bill No. SB 856
Barcode 864392
1 evaluations are confidential information and exempt from the
2 provisions of s. 119.07(1), except that such information shall
3 be available to the Auditor General in performing his or her
4 postauditing duties and to the Office of Information Security
5 for performance of its coordination and assessment duties.
6 (f)6. Require that each agency include appropriate
7 security requirements, as determined by the Department of
8 Management Services the State Technology Office, in
9 consultation with the Department of Law Enforcement each
10 agency head, in the written specifications for the
11 solicitation of information technology resources.
12 (b) In those instances in which the department State
13 Technology Office develops state contracts for use by state
14 agencies, the department office shall include appropriate
15 security requirements in the specifications for the
16 solicitation for state contracts for procuring information
17 technology resources.
18 (3) In order to ensure the security of enterprise
19 information, the department shall establish the Office of
20 Information Security and shall designate a Chief Information
21 Security Officer as the head of the office. The office shall
22 work with all branches of state government and coordinate with
23 the Agency Chief Information Officers Council and the
24 Executive Office of the Governor. The office is responsible
25 for security rulemaking and formulation of policy
26 recommendations, security audit oversight, training of
27 information security managers, coordination of domestic
28 security funding for cybersecurity issues, and shall set
29 minimum standards for the recovery of information technology
30 following a disaster. The funding for this office and the
31 associated positions shall be provided with general revenue
3
1:16 PM 03/16/06 s0856d-ds36-b03
Florida Senate - 2006 COMMITTEE AMENDMENT
Bill No. SB 856
Barcode 864392
1 and is the responsibility of the department.
2 (4) The department may adopt rules relating to the
3 security of data, information, and information technology
4 pursuant to ss. 120.536(1) and 120.54 to administer this part.
5 Section 2. This act shall take effect upon becoming a
6 law.
7
8
9 ================ T I T L E A M E N D M E N T ===============
10 And the title is amended as follows:
11 Delete everything before the enacting clause
12
13 and insert:
14 A bill to be entitled
15 An act relating to domestic security; amending
16 s. 282.318, F.S.; requiring the Department of
17 Management Services to set minimum standard
18 operating procedures for the security of data
19 and information technology resources; providing
20 for the department to require each agency to
21 conduct certain procedures to assure the
22 security of data, information, and information
23 technology resources; requiring that the
24 results of certain internal audits and
25 evaluations be available to the Office of
26 Information Security; requiring the department
27 to establish an Office of Information Security
28 and to designate a Chief Information Security
29 Officer; providing that the office is
30 responsible for certain procedures and
31 standards; providing for the office to be
4
1:16 PM 03/16/06 s0856d-ds36-b03
Florida Senate - 2006 COMMITTEE AMENDMENT
Bill No. SB 856
Barcode 864392
1 funded by general revenue; authorizing the
2 department to adopt rules; providing an
3 effective date.
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
5
1:16 PM 03/16/06 s0856d-ds36-b03