(20 ILCS 1375/5-5)
    Sec. 5-5. Definitions. As used in this Act:
    "Critical information system" means any information system (including any telecommunications system) used or operated by a State agency or by a contractor of a State agency or other organization or entity on behalf of a State agency: that contains health insurance information, medical information, or personal information as defined in the Personal Information Protection Act; where the unauthorized disclosure, modification, destruction of information in the information system could be expected to have a serious, severe, or catastrophic adverse effect on State agency operations, assets, or individuals; or where the disruption of access to or use of the information or information system could be expected to have a serious, severe, or catastrophic adverse effect on State operations, assets, or individuals.
    "Department" means the Department of Innovation and Technology.
    "Information security" means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide: integrity, which means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity; confidentiality, which means preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information; and availability, which means ensuring timely and reliable access to and use of information.
    "Incident" means an occurrence that: actually or imminently jeopardizes, without lawful authority, the confidentiality, integrity, or availability of information or an information system; or constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies or standard security practices.
    "Information system" means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information created or maintained by or for the State of Illinois.
    "Office" means the Office of the Statewide Chief Information Security Officer.
    "Secretary" means the Secretary of Innovation and Technology.
    "Security controls" means the management, operational, and technical controls (including safeguards and countermeasures) for an information system that protect the confidentiality, integrity, and availability of the system and its information.
    "State agency" means any agency under the jurisdiction of the Governor.
(Source: P.A. 100-611, eff. 7-20-18.)