ITEC Policy 7300 - Information Technology Security Council Charter

1.0 TITLE: Information Technology Security Council Charter

1.1 EFFECTIVE DATE: May 02, 2002

1.2 REVISED: January 16, 2015

1.3 TYPE OF ACTION: Revision

2.0 PURPOSE: To establish an Information Technology Security Council that is advisory to the Information Technology Executive Council (ITEC).

3.0 ORGANIZATIONS AFFECTED: All Branches, Boards, Commissions, Departments, Divisions, and Agencies of state government, hereafter referred to as entities.

4.0 REFERENCES:

4.1 K.S.A. 1998 Supp. 75-7203 authorizes the ITEC to: Adopt information resource policies and procedures and provide direction and coordination for the application of the state's information technology resources for all state entities.

5.0 DEFINITIONS:

5.1 Information technology is an inclusive term to address the services and functions commonly associated with information systems and telecommunications.

6.0 POLICY:

6.1 The Information Technology Security Council shall:

6.2 Address information technology security issues and provide policy, standards, guidelines, or procedural recommendations to the Information Technology Executive Council.

6.3 Promote technical, administrative and end user security training in accordance with best practices and industry standards.

6.4 Initiate and recommend security specifications for statewide contracts for common information technology requirements from suppliers qualified by the Division of Purchases.

6.5 Review proposed programs and projects referred by Chief Information Technology Officers and make recommendations regarding the appropriateness of security measures, technologies used, compliance with policy and standards, conformity with the Kansas Information Technology Architecture and resource estimates. 

6.6 Provide guidance to the Kansas Information Technology Architecture Security Subcommittee regarding security aspects of the architecture. 

6.7 Contribute to and support the Kansas Statewide 3 year IT Management and Budget Plan.

6.8 Promote coordination and cooperation among state entities for effective integration and use of information technology security. 

6.9 Promote and coordinate Quality Assurance of IT security processes and practices.

6.10 Promote IT security audits throughout the enterprise. 

6.11 Address information technology security resource management issues at the request of the ITEC and make recommendations thereon. 

7.0 PROCEDURES:

7.1 The Security Council shall be composed of the following members:

7.1.1 A representative from the Kansas Enterprise Security Office 

7.1.2 A representative from the Kansas Adjutant General’s Department 

7.1.3 A representative from the Department of Administration

7.1.4 A representative from the Kansas Department of Agriculture

7.1.5 A representative from the Office of the Kansas Attorney General

7.1.6 A representative from the Kansas Department of Corrections

7.1.7 A representative from Federal Law Enforcement [as ex officio member]

7.1.8 A representative appointed by the Kansas Chapter, Association of Government Management Information Sciences

7.1.9 A representative from the Kansas Department of Health and Environment

7.1.10 The Executive Director of the Information Network Kansas 

7.1.11 A representative from the Kansas Bureau of Investigation

7.1.12 A representative from the Judicial Branch

7.1.13 A representative from the Legislative Branch

7.1.14 A representative from the Kansas Legislative Post Audit [as ex officio member]

7.1.15 A representative from the Kansas Board of Regents

7.1.16 A representative from the Kansas Department of Revenue

7.1.17 A representative from the Kansas Department of Transportation

7.1.18 A representative from the Kansas Department of Education

7.1.19 A representative from the Kansas Department of Children and Families

7.1.20 A representative from the Kansas Department of Aging and Disability Services

7.1.21 A representative from the Kansas State University 

7.1.22 A representative from the University of Kansas

7.1.23 A representative from the University of Kansas Medical Center

7.1.24 A representative from the Regents members

7.2 Each entity specified in section 7.1 shall appoint as their representative to the Information Technology Security Council, the person most qualified to discharge the intent of this charter. The ITEC or the Information Technology Security Council may seek representation from additional state entities to serve as members. Additional local, state, federal and private sector members may participate as  deemed appropriate by the Information Technology Security Council. 

7.3 A quorum is necessary to vote on changes to this Charter and a quorum is defined as a simple majority of voting members.

7.4 The entities specified in section 7.1 shall notify the Kansas Enterprise Security Office of their designated representative for service on the Information Technology Security Council. 

7.5 For administrative purposes, the Information Technology Security Council will receive staff support from the Kansas Enterprise Security Office. 

8.0 RESPONSIBILITIES:

8.1 The Kansas Enterprise Security Office is responsible for the maintenance of this policy.

9.0 CANCELLATION:

9.1 None.