30 ILCS 5/3-2.4

    (30 ILCS 5/3-2.4)
    Sec. 3-2.4. Cybersecurity audit.

(a)   In conjunction with its annual compliance examination program, the Auditor General shall review State agencies and their cybersecurity programs and practices, with a particular focus on agencies holding large volumes of personal information.

(b) The review required under this Section shall, at a minimum, assess the following:
(1) the effectiveness of State agency cybersecurity

practices;

(2) the risks or vulnerabilities of the

cybersecurity systems used by State agencies;

(3) the types of information that are most

susceptible to attack;

(4) ways to improve cybersecurity and eliminate

vulnerabilities to State cybersecurity systems; and

(5) any other information concerning the

cybersecurity of State agencies that the Auditor General deems necessary and proper.

(c)   Any findings resulting from the testing conducted under this Section shall be included within the applicable State agency's compliance examination report. Each compliance examination report shall be issued in accordance with the provisions of Section 3-14. A copy of the report shall also be delivered to the head of the applicable State agency and posted on the Auditor General's website.

(Source: P.A. 100-914, eff. 1-1-19.)