HB5547 EngrossedLRB100 18538 RJF 33756 b

1    AN ACT concerning finance.
 
2    Be it enacted by the People of the State of Illinois,
3represented in the General Assembly:
 
4    Section 5. The Illinois State Auditing Act is amended by
5adding Section 3-2.4 as follows:
 
6    (30 ILCS 5/3-2.4 new)
7    Sec. 3-2.4. Cybersecurity audit.
8    (a) In conjunction with its annual compliance examination
9program, the Auditor General shall review State agencies and
10their cybersecurity programs and practices, with a particular
11focus on agencies holding large volumes of personal
12information.
13    (b) The review required under this Section shall, at a
14minimum, assess the following:
15        (1) the effectiveness of State agency cybersecurity
16    practices;
17        (2) the risks or vulnerabilities of the cybersecurity
18    systems used by State agencies;
19        (3) the types of information that are most susceptible
20    to attack;
21        (4) ways to improve cybersecurity and eliminate
22    vulnerabilities to State cybersecurity systems; and
23        (5) any other information concerning the cybersecurity

 

 

HB5547 Engrossed- 2 -LRB100 18538 RJF 33756 b

1    of State agencies that the Auditor General deems necessary
2    and proper.
3    (c) Any findings resulting from the testing conducted under
4this Section shall be included within the applicable State
5agency's compliance examination report. Each compliance
6examination report shall be issued in accordance with the
7provisions of Section 3-14. A copy of the report shall also be
8delivered to the head of the applicable State agency and posted
9on the Auditor General's website.